@robinmordasiewicz/f5xc-api-mcp 2.0.10-2601051503 → 2.0.19-2601071557
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +25 -14
- package/README.md +9 -5
- package/dist/generator/domain-metadata.d.ts +1 -3
- package/dist/generator/domain-metadata.d.ts.map +1 -1
- package/dist/generator/domain-metadata.js +0 -20
- package/dist/generator/domain-metadata.js.map +1 -1
- package/dist/generator/naming/acronyms.d.ts +1 -1
- package/dist/generator/naming/acronyms.js +1 -1
- package/dist/tools/generated/ce_management/index.d.ts.map +1 -1
- package/dist/tools/generated/ce_management/index.js +179 -1582
- package/dist/tools/generated/ce_management/index.js.map +1 -1
- package/dist/tools/generated/dependency-graph.json +2 -265
- package/dist/version.d.ts +2 -2
- package/dist/version.js +2 -2
- package/manifest.json +1 -1
- package/package.json +1 -1
- package/specs/domains/admin_console_and_ui.json +176 -26
- package/specs/domains/ai_services.json +242 -36
- package/specs/domains/api.json +1507 -183
- package/specs/domains/authentication.json +358 -46
- package/specs/domains/bigip.json +825 -105
- package/specs/domains/billing_and_usage.json +666 -83
- package/specs/domains/blindfold.json +988 -111
- package/specs/domains/bot_and_threat_defense.json +550 -66
- package/specs/domains/cdn.json +2431 -198
- package/specs/domains/ce_management.json +9272 -15726
- package/specs/domains/certificates.json +540 -78
- package/specs/domains/cloud_infrastructure.json +1102 -122
- package/specs/domains/container_services.json +782 -99
- package/specs/domains/data_and_privacy_security.json +508 -68
- package/specs/domains/data_intelligence.json +487 -64
- package/specs/domains/ddos.json +1302 -161
- package/specs/domains/dns.json +1286 -162
- package/specs/domains/managed_kubernetes.json +687 -89
- package/specs/domains/marketplace.json +994 -105
- package/specs/domains/network.json +2340 -239
- package/specs/domains/network_security.json +1963 -192
- package/specs/domains/nginx_one.json +475 -63
- package/specs/domains/object_storage.json +163 -16
- package/specs/domains/observability.json +1519 -148
- package/specs/domains/rate_limiting.json +456 -56
- package/specs/domains/secops_and_incident_response.json +275 -37
- package/specs/domains/service_mesh.json +1320 -128
- package/specs/domains/shape.json +4196 -398
- package/specs/domains/sites.json +5053 -405
- package/specs/domains/statistics.json +2784 -236
- package/specs/domains/support.json +1038 -109
- package/specs/domains/telemetry_and_insights.json +993 -80
- package/specs/domains/tenant_and_identity.json +3487 -313
- package/specs/domains/threat_campaign.json +695 -72
- package/specs/domains/users.json +437 -72
- package/specs/domains/virtual.json +3716 -261
- package/specs/domains/vpm_and_node_management.json +61 -2
- package/specs/domains/waf.json +1551 -149
- package/specs/index.json +121 -26
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
"info": {
|
|
4
4
|
"title": "Threat Campaign",
|
|
5
5
|
"description": "F5 Distributed Cloud Threat Campaign API specifications",
|
|
6
|
-
"version": "2.0.
|
|
6
|
+
"version": "2.0.19",
|
|
7
7
|
"contact": {
|
|
8
8
|
"name": "F5 Distributed Cloud",
|
|
9
9
|
"url": "https://docs.cloud.f5.com"
|
|
@@ -12,7 +12,57 @@
|
|
|
12
12
|
"name": "Proprietary",
|
|
13
13
|
"url": "https://www.f5.com/company/policies/eula"
|
|
14
14
|
},
|
|
15
|
-
"x-f5xc-cli-domain": "threat_campaign"
|
|
15
|
+
"x-f5xc-cli-domain": "threat_campaign",
|
|
16
|
+
"x-f5xc-best-practices": {
|
|
17
|
+
"common_errors": [
|
|
18
|
+
{
|
|
19
|
+
"code": 400,
|
|
20
|
+
"message": "Invalid request body",
|
|
21
|
+
"resolution": "Validate JSON structure and required fields before submission",
|
|
22
|
+
"prevention": "Use schema validation from OpenAPI spec"
|
|
23
|
+
},
|
|
24
|
+
{
|
|
25
|
+
"code": 401,
|
|
26
|
+
"message": "Authentication failed",
|
|
27
|
+
"resolution": "Verify API token is valid and not expired",
|
|
28
|
+
"prevention": "Use environment variables for token management"
|
|
29
|
+
},
|
|
30
|
+
{
|
|
31
|
+
"code": 403,
|
|
32
|
+
"message": "Permission denied",
|
|
33
|
+
"resolution": "Check user role and namespace permissions",
|
|
34
|
+
"prevention": "Verify RBAC policies before operations"
|
|
35
|
+
},
|
|
36
|
+
{
|
|
37
|
+
"code": 404,
|
|
38
|
+
"message": "Resource not found",
|
|
39
|
+
"resolution": "Verify resource name and namespace exist",
|
|
40
|
+
"prevention": "List resources before attempting operations"
|
|
41
|
+
},
|
|
42
|
+
{
|
|
43
|
+
"code": 409,
|
|
44
|
+
"message": "Resource already exists",
|
|
45
|
+
"resolution": "Use unique name or delete existing resource",
|
|
46
|
+
"prevention": "Check existence before creation"
|
|
47
|
+
},
|
|
48
|
+
{
|
|
49
|
+
"code": 429,
|
|
50
|
+
"message": "Rate limit exceeded",
|
|
51
|
+
"resolution": "Implement exponential backoff and retry logic",
|
|
52
|
+
"prevention": "Batch operations and add delays between requests"
|
|
53
|
+
}
|
|
54
|
+
],
|
|
55
|
+
"security_notes": [
|
|
56
|
+
"Always use HTTPS for all API communications",
|
|
57
|
+
"Store API tokens securely, never in source code",
|
|
58
|
+
"Rotate API tokens regularly following security policies"
|
|
59
|
+
],
|
|
60
|
+
"performance_tips": [
|
|
61
|
+
"Use pagination for large result sets",
|
|
62
|
+
"Batch related operations when possible",
|
|
63
|
+
"Cache read-only responses appropriately"
|
|
64
|
+
]
|
|
65
|
+
}
|
|
16
66
|
},
|
|
17
67
|
"servers": [
|
|
18
68
|
{
|
|
@@ -251,6 +301,13 @@
|
|
|
251
301
|
"latency": "low",
|
|
252
302
|
"resource_usage": "low"
|
|
253
303
|
}
|
|
304
|
+
},
|
|
305
|
+
"x-f5xc-discovered-response-time": {
|
|
306
|
+
"p50_ms": 200,
|
|
307
|
+
"p95_ms": 800,
|
|
308
|
+
"p99_ms": 2000,
|
|
309
|
+
"sample_count": 0,
|
|
310
|
+
"source": "estimate"
|
|
254
311
|
}
|
|
255
312
|
},
|
|
256
313
|
"x-displayname": "Application Security Monitoring APIs.",
|
|
@@ -317,6 +374,8 @@
|
|
|
317
374
|
"default": "VIOL_NONE",
|
|
318
375
|
"x-displayname": "App Firewall Violation Type.",
|
|
319
376
|
"x-ves-proto-enum": "ves.io.schema.app_firewall.AppFirewallViolationType",
|
|
377
|
+
"x-f5xc-description-short": "List of all supported Violation Types VIOL_NONE VIOL_FILETYPE VIOL_METHOD VIOL_MANDATORY_HEADER VIOL_HTTP_RESPONSE_STATUS VIOL_REQUEST_MAX_LENGTH...",
|
|
378
|
+
"x-f5xc-description-medium": "List of all supported Violation Types VIOL_NONE VIOL_FILETYPE VIOL_METHOD VIOL_MANDATORY_HEADER VIOL_HTTP_RESPONSE_STATUS VIOL_REQUEST_MAX_LENGTH VIOL_FILE_UPLOAD VIOL_FILE_UPLOAD_IN_BODY VIOL_XML_MALFORMED VIOL_JSON_MALFORMED VIOL_ASM_COOKIE_MODIFIED VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS...",
|
|
320
379
|
"x-f5xc-minimum-configuration": {
|
|
321
380
|
"description": "Web Application Firewall (WAF) policy for protecting HTTP applications",
|
|
322
381
|
"required_fields": [
|
|
@@ -367,6 +426,8 @@
|
|
|
367
426
|
"default": "ATTACK_TYPE_NONE",
|
|
368
427
|
"x-displayname": "Attack Types.",
|
|
369
428
|
"x-ves-proto-enum": "ves.io.schema.app_firewall.AttackType",
|
|
429
|
+
"x-f5xc-description-short": "List of all Attack Types ATTACK_TYPE_NONE ATTACK_TYPE_NON_BROWSER_CLIENT ATTACK_TYPE_OTHER_APPLICATION_ATTACKS ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE...",
|
|
430
|
+
"x-f5xc-description-medium": "List of all Attack Types ATTACK_TYPE_NONE ATTACK_TYPE_NON_BROWSER_CLIENT ATTACK_TYPE_OTHER_APPLICATION_ATTACKS ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE ATTACK_TYPE_DETECTION_EVASION ATTACK_TYPE_VULNERABILITY_SCAN ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS...",
|
|
370
431
|
"x-f5xc-minimum-configuration": {
|
|
371
432
|
"description": "Web Application Firewall (WAF) policy for protecting HTTP applications",
|
|
372
433
|
"required_fields": [
|
|
@@ -402,6 +463,7 @@
|
|
|
402
463
|
"x-validation-rules": {
|
|
403
464
|
"ves.io.schema.rules.string.max_len": "256"
|
|
404
465
|
},
|
|
466
|
+
"x-f5xc-description-short": "Collapsed URL is the path with identified DYN components.",
|
|
405
467
|
"minLength": 0,
|
|
406
468
|
"x-f5xc-required-for": {
|
|
407
469
|
"minimum_config": false,
|
|
@@ -426,6 +488,7 @@
|
|
|
426
488
|
}
|
|
427
489
|
}
|
|
428
490
|
},
|
|
491
|
+
"x-f5xc-description-short": "API Endpoint indentified by collapsed_url and method.",
|
|
429
492
|
"x-f5xc-minimum-configuration": {
|
|
430
493
|
"description": "Minimum configuration for app_securityApiEndpoint",
|
|
431
494
|
"required_fields": [
|
|
@@ -456,6 +519,7 @@
|
|
|
456
519
|
"x-displayname": "HTTP Load Balancer Name.",
|
|
457
520
|
"x-ves-example": "VES-I/O-frontend.",
|
|
458
521
|
"x-f5xc-example": "ves-io-frontend",
|
|
522
|
+
"x-f5xc-description-short": "HTTP load balancer for which this API endpoint protection rule applied.",
|
|
459
523
|
"minLength": 0,
|
|
460
524
|
"maxLength": 16,
|
|
461
525
|
"x-f5xc-required-for": {
|
|
@@ -466,7 +530,7 @@
|
|
|
466
530
|
},
|
|
467
531
|
"x-original-maxLength": 1024,
|
|
468
532
|
"x-reconciled-from-discovery": true,
|
|
469
|
-
"x-reconciled-at": "2026-01-
|
|
533
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792831+00:00"
|
|
470
534
|
},
|
|
471
535
|
"namespace": {
|
|
472
536
|
"type": "string",
|
|
@@ -475,6 +539,7 @@
|
|
|
475
539
|
"x-displayname": "Namespace",
|
|
476
540
|
"x-ves-example": "Shared",
|
|
477
541
|
"x-f5xc-example": "shared",
|
|
542
|
+
"x-f5xc-description-short": "Namespace of the App type for current request.",
|
|
478
543
|
"minLength": 0,
|
|
479
544
|
"maxLength": 6,
|
|
480
545
|
"x-f5xc-required-for": {
|
|
@@ -485,7 +550,7 @@
|
|
|
485
550
|
},
|
|
486
551
|
"x-original-maxLength": 1024,
|
|
487
552
|
"x-reconciled-from-discovery": true,
|
|
488
|
-
"x-reconciled-at": "2026-01-
|
|
553
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792838+00:00"
|
|
489
554
|
},
|
|
490
555
|
"path": {
|
|
491
556
|
"type": "string",
|
|
@@ -506,6 +571,7 @@
|
|
|
506
571
|
"ves.io.schema.rules.string.max_len": "1024",
|
|
507
572
|
"ves.io.schema.rules.string.templated_http_path": "true"
|
|
508
573
|
},
|
|
574
|
+
"x-f5xc-description-short": "Path to apply the API endpoint protection to Required: YES.",
|
|
509
575
|
"minLength": 0,
|
|
510
576
|
"x-f5xc-required-for": {
|
|
511
577
|
"minimum_config": false,
|
|
@@ -515,6 +581,7 @@
|
|
|
515
581
|
}
|
|
516
582
|
}
|
|
517
583
|
},
|
|
584
|
+
"x-f5xc-description-short": "GET suggested API endpoint protection rule for a given path.",
|
|
518
585
|
"x-f5xc-minimum-configuration": {
|
|
519
586
|
"description": "Minimum configuration for app_securityGetSuggestedAPIEndpointProtectionRuleReq",
|
|
520
587
|
"required_fields": [
|
|
@@ -544,6 +611,7 @@
|
|
|
544
611
|
"$ref": "#/components/schemas/common_wafAPIEndpointProtectionRule"
|
|
545
612
|
}
|
|
546
613
|
},
|
|
614
|
+
"x-f5xc-description-short": "GET suggested API endpoint protection rule for a given path.",
|
|
547
615
|
"x-f5xc-minimum-configuration": {
|
|
548
616
|
"description": "Minimum configuration for app_securityGetSuggestedAPIEndpointProtectionRuleRsp",
|
|
549
617
|
"required_fields": [
|
|
@@ -605,6 +673,7 @@
|
|
|
605
673
|
"ves.io.schema.rules.uint32.gte": "0",
|
|
606
674
|
"ves.io.schema.rules.uint32.lte": "401308"
|
|
607
675
|
},
|
|
676
|
+
"x-f5xc-description-short": "RFC 6793 defined 4-byte AS number Required: YES.",
|
|
608
677
|
"minimum": 0,
|
|
609
678
|
"maximum": 2147483647,
|
|
610
679
|
"x-f5xc-required-for": {
|
|
@@ -646,6 +715,7 @@
|
|
|
646
715
|
"x-displayname": "HTTP Load Balancer Name.",
|
|
647
716
|
"x-ves-example": "VES-I/O-frontend.",
|
|
648
717
|
"x-f5xc-example": "ves-io-frontend",
|
|
718
|
+
"x-f5xc-description-short": "HTTP load balancer for which this WAF exclusion will be applied.",
|
|
649
719
|
"minLength": 0,
|
|
650
720
|
"maxLength": 16,
|
|
651
721
|
"x-f5xc-required-for": {
|
|
@@ -656,7 +726,7 @@
|
|
|
656
726
|
},
|
|
657
727
|
"x-original-maxLength": 1024,
|
|
658
728
|
"x-reconciled-from-discovery": true,
|
|
659
|
-
"x-reconciled-at": "2026-01-
|
|
729
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792853+00:00"
|
|
660
730
|
},
|
|
661
731
|
"namespace": {
|
|
662
732
|
"type": "string",
|
|
@@ -665,6 +735,7 @@
|
|
|
665
735
|
"x-displayname": "Namespace",
|
|
666
736
|
"x-ves-example": "Shared",
|
|
667
737
|
"x-f5xc-example": "shared",
|
|
738
|
+
"x-f5xc-description-short": "Namespace of the App type for current request.",
|
|
668
739
|
"minLength": 0,
|
|
669
740
|
"maxLength": 6,
|
|
670
741
|
"x-f5xc-required-for": {
|
|
@@ -675,7 +746,7 @@
|
|
|
675
746
|
},
|
|
676
747
|
"x-original-maxLength": 1024,
|
|
677
748
|
"x-reconciled-from-discovery": true,
|
|
678
|
-
"x-reconciled-at": "2026-01-
|
|
749
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792857+00:00"
|
|
679
750
|
},
|
|
680
751
|
"user_id": {
|
|
681
752
|
"type": "string",
|
|
@@ -701,6 +772,7 @@
|
|
|
701
772
|
"x-field-mutability": "read-only"
|
|
702
773
|
}
|
|
703
774
|
},
|
|
775
|
+
"x-f5xc-description-short": "GET suggested blocking SimpleClientSrcRule for a given IP/ASN.",
|
|
704
776
|
"x-f5xc-minimum-configuration": {
|
|
705
777
|
"description": "Minimum configuration for app_securityGetSuggestedBlockClientRuleReq",
|
|
706
778
|
"required_fields": [
|
|
@@ -735,6 +807,7 @@
|
|
|
735
807
|
"x-displayname": "HTTP Load Balancer Name.",
|
|
736
808
|
"x-ves-example": "VES-I/O-frontend.",
|
|
737
809
|
"x-f5xc-example": "ves-io-frontend",
|
|
810
|
+
"x-f5xc-description-short": "HTTP load balancer for which this WAF exclusion will be applied.",
|
|
738
811
|
"minLength": 0,
|
|
739
812
|
"maxLength": 16,
|
|
740
813
|
"x-f5xc-required-for": {
|
|
@@ -745,12 +818,13 @@
|
|
|
745
818
|
},
|
|
746
819
|
"x-original-maxLength": 1024,
|
|
747
820
|
"x-reconciled-from-discovery": true,
|
|
748
|
-
"x-reconciled-at": "2026-01-
|
|
821
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792865+00:00"
|
|
749
822
|
},
|
|
750
823
|
"rule": {
|
|
751
824
|
"$ref": "#/components/schemas/common_wafSimpleClientSrcRule"
|
|
752
825
|
}
|
|
753
826
|
},
|
|
827
|
+
"x-f5xc-description-short": "GET suggested blocking SimpleClientSrcRule for a given IP/ASN.",
|
|
754
828
|
"x-f5xc-minimum-configuration": {
|
|
755
829
|
"description": "Minimum configuration for app_securityGetSuggestedBlockClientRuleRsp",
|
|
756
830
|
"required_fields": [
|
|
@@ -792,6 +866,7 @@
|
|
|
792
866
|
"ves.io.schema.rules.repeated.max_items": "64",
|
|
793
867
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
794
868
|
},
|
|
869
|
+
"x-f5xc-description-short": "Sources that are located in one of the countries in the given list.",
|
|
795
870
|
"x-f5xc-required-for": {
|
|
796
871
|
"minimum_config": false,
|
|
797
872
|
"create": false,
|
|
@@ -812,6 +887,7 @@
|
|
|
812
887
|
"x-displayname": "Load Balancer Name.",
|
|
813
888
|
"x-ves-example": "VES-I/O-frontend.",
|
|
814
889
|
"x-f5xc-example": "ves-io-frontend",
|
|
890
|
+
"x-f5xc-description-short": "Load balancer for which this WAF exclusion will be applied.",
|
|
815
891
|
"minLength": 0,
|
|
816
892
|
"maxLength": 16,
|
|
817
893
|
"x-f5xc-required-for": {
|
|
@@ -822,7 +898,7 @@
|
|
|
822
898
|
},
|
|
823
899
|
"x-original-maxLength": 1024,
|
|
824
900
|
"x-reconciled-from-discovery": true,
|
|
825
|
-
"x-reconciled-at": "2026-01-
|
|
901
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792876+00:00"
|
|
826
902
|
},
|
|
827
903
|
"namespace": {
|
|
828
904
|
"type": "string",
|
|
@@ -831,6 +907,7 @@
|
|
|
831
907
|
"x-displayname": "Namespace",
|
|
832
908
|
"x-ves-example": "Shared",
|
|
833
909
|
"x-f5xc-example": "shared",
|
|
910
|
+
"x-f5xc-description-short": "Namespace of the App type for current request.",
|
|
834
911
|
"minLength": 0,
|
|
835
912
|
"maxLength": 6,
|
|
836
913
|
"x-f5xc-required-for": {
|
|
@@ -841,12 +918,13 @@
|
|
|
841
918
|
},
|
|
842
919
|
"x-original-maxLength": 1024,
|
|
843
920
|
"x-reconciled-from-discovery": true,
|
|
844
|
-
"x-reconciled-at": "2026-01-
|
|
921
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792880+00:00"
|
|
845
922
|
},
|
|
846
923
|
"tls_fingerprint_matcher": {
|
|
847
924
|
"$ref": "#/components/schemas/policyTlsFingerprintMatcherType"
|
|
848
925
|
}
|
|
849
926
|
},
|
|
927
|
+
"x-f5xc-description-short": "GET suggested blocking DDoSMitigtionRule for a given IP/ASN/Country/TLS.",
|
|
850
928
|
"x-f5xc-minimum-configuration": {
|
|
851
929
|
"description": "Minimum configuration for app_securityGetSuggestedDDoSMitigtionRuleReq",
|
|
852
930
|
"required_fields": [
|
|
@@ -885,6 +963,7 @@
|
|
|
885
963
|
"x-displayname": "DDoS Mitigation Rule Name.",
|
|
886
964
|
"x-ves-example": "VES-I/O-DDoS-mitigation-rule.",
|
|
887
965
|
"x-f5xc-example": "ves-io-ddos-mitigation-rule",
|
|
966
|
+
"x-f5xc-description-short": "HTTP load balancer for which this DDoS Mitigation Rule will be applied.",
|
|
888
967
|
"minLength": 0,
|
|
889
968
|
"maxLength": 1024,
|
|
890
969
|
"x-f5xc-required-for": {
|
|
@@ -895,6 +974,7 @@
|
|
|
895
974
|
}
|
|
896
975
|
}
|
|
897
976
|
},
|
|
977
|
+
"x-f5xc-description-short": "GET suggested DDoS Mitigtion Rule for a given IP/ASN/Country/TLS.",
|
|
898
978
|
"x-f5xc-minimum-configuration": {
|
|
899
979
|
"description": "Minimum configuration for app_securityGetSuggestedDDoSMitigtionRuleRsp",
|
|
900
980
|
"required_fields": [
|
|
@@ -925,6 +1005,7 @@
|
|
|
925
1005
|
},
|
|
926
1006
|
"x-displayname": "API Groups membership.",
|
|
927
1007
|
"x-f5xc-example": "[\"group-1\", \"group-2\"]",
|
|
1008
|
+
"x-f5xc-description-short": "List of API Groups the API Endpoint is a member of.",
|
|
928
1009
|
"x-f5xc-required-for": {
|
|
929
1010
|
"minimum_config": false,
|
|
930
1011
|
"create": false,
|
|
@@ -942,6 +1023,7 @@
|
|
|
942
1023
|
"x-displayname": "HTTP Load Balancer Name.",
|
|
943
1024
|
"x-ves-example": "VES-I/O-frontend.",
|
|
944
1025
|
"x-f5xc-example": "ves-io-frontend",
|
|
1026
|
+
"x-f5xc-description-short": "HTTP load balancer for which this Open API specification validation rule applied.",
|
|
945
1027
|
"minLength": 0,
|
|
946
1028
|
"maxLength": 16,
|
|
947
1029
|
"x-f5xc-required-for": {
|
|
@@ -952,7 +1034,7 @@
|
|
|
952
1034
|
},
|
|
953
1035
|
"x-original-maxLength": 1024,
|
|
954
1036
|
"x-reconciled-from-discovery": true,
|
|
955
|
-
"x-reconciled-at": "2026-01-
|
|
1037
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792892+00:00"
|
|
956
1038
|
},
|
|
957
1039
|
"namespace": {
|
|
958
1040
|
"type": "string",
|
|
@@ -961,6 +1043,7 @@
|
|
|
961
1043
|
"x-displayname": "Namespace",
|
|
962
1044
|
"x-ves-example": "Shared",
|
|
963
1045
|
"x-f5xc-example": "shared",
|
|
1046
|
+
"x-f5xc-description-short": "Namespace of the App type for current request.",
|
|
964
1047
|
"minLength": 0,
|
|
965
1048
|
"maxLength": 6,
|
|
966
1049
|
"x-f5xc-required-for": {
|
|
@@ -971,7 +1054,7 @@
|
|
|
971
1054
|
},
|
|
972
1055
|
"x-original-maxLength": 1024,
|
|
973
1056
|
"x-reconciled-from-discovery": true,
|
|
974
|
-
"x-reconciled-at": "2026-01-
|
|
1057
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792896+00:00"
|
|
975
1058
|
},
|
|
976
1059
|
"path": {
|
|
977
1060
|
"type": "string",
|
|
@@ -992,6 +1075,7 @@
|
|
|
992
1075
|
"ves.io.schema.rules.string.max_len": "1024",
|
|
993
1076
|
"ves.io.schema.rules.string.templated_http_path": "true"
|
|
994
1077
|
},
|
|
1078
|
+
"x-f5xc-description-short": "Path to apply the Open API specification validation to Required: YES.",
|
|
995
1079
|
"minLength": 0,
|
|
996
1080
|
"x-f5xc-required-for": {
|
|
997
1081
|
"minimum_config": false,
|
|
@@ -1001,6 +1085,7 @@
|
|
|
1001
1085
|
}
|
|
1002
1086
|
}
|
|
1003
1087
|
},
|
|
1088
|
+
"x-f5xc-description-short": "GET suggested Open API specification validation for a given path.",
|
|
1004
1089
|
"x-f5xc-minimum-configuration": {
|
|
1005
1090
|
"description": "Minimum configuration for app_securityGetSuggestedOasValidationRuleReq",
|
|
1006
1091
|
"required_fields": [
|
|
@@ -1035,6 +1120,7 @@
|
|
|
1035
1120
|
"$ref": "#/components/schemas/schemaEmpty"
|
|
1036
1121
|
}
|
|
1037
1122
|
},
|
|
1123
|
+
"x-f5xc-description-short": "GET suggested Open API specification validation for a given path.",
|
|
1038
1124
|
"x-f5xc-minimum-configuration": {
|
|
1039
1125
|
"description": "Minimum configuration for app_securityGetSuggestedOasValidationRuleRsp",
|
|
1040
1126
|
"required_fields": [
|
|
@@ -1066,6 +1152,7 @@
|
|
|
1066
1152
|
"x-displayname": "HTTP Load Balancer Name.",
|
|
1067
1153
|
"x-ves-example": "VES-I/O-frontend.",
|
|
1068
1154
|
"x-f5xc-example": "ves-io-frontend",
|
|
1155
|
+
"x-f5xc-description-short": "HTTP load balancer for which this rate limit rule applied.",
|
|
1069
1156
|
"minLength": 0,
|
|
1070
1157
|
"maxLength": 16,
|
|
1071
1158
|
"x-f5xc-required-for": {
|
|
@@ -1076,7 +1163,7 @@
|
|
|
1076
1163
|
},
|
|
1077
1164
|
"x-original-maxLength": 1024,
|
|
1078
1165
|
"x-reconciled-from-discovery": true,
|
|
1079
|
-
"x-reconciled-at": "2026-01-
|
|
1166
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792907+00:00"
|
|
1080
1167
|
},
|
|
1081
1168
|
"namespace": {
|
|
1082
1169
|
"type": "string",
|
|
@@ -1085,6 +1172,7 @@
|
|
|
1085
1172
|
"x-displayname": "Namespace",
|
|
1086
1173
|
"x-ves-example": "Shared",
|
|
1087
1174
|
"x-f5xc-example": "shared",
|
|
1175
|
+
"x-f5xc-description-short": "Namespace of the App type for current request.",
|
|
1088
1176
|
"minLength": 0,
|
|
1089
1177
|
"maxLength": 6,
|
|
1090
1178
|
"x-f5xc-required-for": {
|
|
@@ -1095,7 +1183,7 @@
|
|
|
1095
1183
|
},
|
|
1096
1184
|
"x-original-maxLength": 1024,
|
|
1097
1185
|
"x-reconciled-from-discovery": true,
|
|
1098
|
-
"x-reconciled-at": "2026-01-
|
|
1186
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792912+00:00"
|
|
1099
1187
|
},
|
|
1100
1188
|
"path": {
|
|
1101
1189
|
"type": "string",
|
|
@@ -1116,6 +1204,7 @@
|
|
|
1116
1204
|
"ves.io.schema.rules.string.max_len": "1024",
|
|
1117
1205
|
"ves.io.schema.rules.string.templated_http_path": "true"
|
|
1118
1206
|
},
|
|
1207
|
+
"x-f5xc-description-short": "Path to apply the rate limit to Required: YES.",
|
|
1119
1208
|
"minLength": 0,
|
|
1120
1209
|
"x-f5xc-required-for": {
|
|
1121
1210
|
"minimum_config": false,
|
|
@@ -1125,6 +1214,7 @@
|
|
|
1125
1214
|
}
|
|
1126
1215
|
}
|
|
1127
1216
|
},
|
|
1217
|
+
"x-f5xc-description-short": "GET suggested rate limit rule for a given path.",
|
|
1128
1218
|
"x-f5xc-minimum-configuration": {
|
|
1129
1219
|
"description": "Minimum configuration for app_securityGetSuggestedRateLimitRuleReq",
|
|
1130
1220
|
"required_fields": [
|
|
@@ -1154,6 +1244,7 @@
|
|
|
1154
1244
|
"$ref": "#/components/schemas/common_wafApiEndpointRule"
|
|
1155
1245
|
}
|
|
1156
1246
|
},
|
|
1247
|
+
"x-f5xc-description-short": "GET suggested rate limit rule for a given path.",
|
|
1157
1248
|
"x-f5xc-minimum-configuration": {
|
|
1158
1249
|
"description": "Minimum configuration for app_securityGetSuggestedRateLimitRuleRsp",
|
|
1159
1250
|
"required_fields": [
|
|
@@ -1184,6 +1275,7 @@
|
|
|
1184
1275
|
"x-displayname": "HTTP Load Balancer Name.",
|
|
1185
1276
|
"x-ves-example": "VES-I/O-frontend.",
|
|
1186
1277
|
"x-f5xc-example": "ves-io-frontend",
|
|
1278
|
+
"x-f5xc-description-short": "HTTP load balancer for which this sensitive data rule applied.",
|
|
1187
1279
|
"minLength": 0,
|
|
1188
1280
|
"maxLength": 16,
|
|
1189
1281
|
"x-f5xc-required-for": {
|
|
@@ -1194,7 +1286,7 @@
|
|
|
1194
1286
|
},
|
|
1195
1287
|
"x-original-maxLength": 1024,
|
|
1196
1288
|
"x-reconciled-from-discovery": true,
|
|
1197
|
-
"x-reconciled-at": "2026-01-
|
|
1289
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792922+00:00"
|
|
1198
1290
|
},
|
|
1199
1291
|
"namespace": {
|
|
1200
1292
|
"type": "string",
|
|
@@ -1203,6 +1295,7 @@
|
|
|
1203
1295
|
"x-displayname": "Namespace",
|
|
1204
1296
|
"x-ves-example": "Shared",
|
|
1205
1297
|
"x-f5xc-example": "shared",
|
|
1298
|
+
"x-f5xc-description-short": "Namespace of the App type for current request.",
|
|
1206
1299
|
"minLength": 0,
|
|
1207
1300
|
"maxLength": 6,
|
|
1208
1301
|
"x-f5xc-required-for": {
|
|
@@ -1213,7 +1306,7 @@
|
|
|
1213
1306
|
},
|
|
1214
1307
|
"x-original-maxLength": 1024,
|
|
1215
1308
|
"x-reconciled-from-discovery": true,
|
|
1216
|
-
"x-reconciled-at": "2026-01-
|
|
1309
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792927+00:00"
|
|
1217
1310
|
},
|
|
1218
1311
|
"path": {
|
|
1219
1312
|
"type": "string",
|
|
@@ -1234,6 +1327,7 @@
|
|
|
1234
1327
|
"ves.io.schema.rules.string.max_len": "1024",
|
|
1235
1328
|
"ves.io.schema.rules.string.templated_http_path": "true"
|
|
1236
1329
|
},
|
|
1330
|
+
"x-f5xc-description-short": "Path to apply the senstive data to Required: YES.",
|
|
1237
1331
|
"minLength": 0,
|
|
1238
1332
|
"x-f5xc-required-for": {
|
|
1239
1333
|
"minimum_config": false,
|
|
@@ -1243,6 +1337,7 @@
|
|
|
1243
1337
|
}
|
|
1244
1338
|
}
|
|
1245
1339
|
},
|
|
1340
|
+
"x-f5xc-description-short": "GET suggested sensitive data rule for a given path.",
|
|
1246
1341
|
"x-f5xc-minimum-configuration": {
|
|
1247
1342
|
"description": "Minimum configuration for app_securityGetSuggestedSensitiveDataRuleReq",
|
|
1248
1343
|
"required_fields": [
|
|
@@ -1272,6 +1367,7 @@
|
|
|
1272
1367
|
"$ref": "#/components/schemas/http_loadbalancerSensitiveDataTypes"
|
|
1273
1368
|
}
|
|
1274
1369
|
},
|
|
1370
|
+
"x-f5xc-description-short": "GET suggested sensitive data rule for a given path.",
|
|
1275
1371
|
"x-f5xc-minimum-configuration": {
|
|
1276
1372
|
"description": "Minimum configuration for app_securityGetSuggestedSensitiveDataRuleRsp",
|
|
1277
1373
|
"required_fields": [
|
|
@@ -1333,6 +1429,7 @@
|
|
|
1333
1429
|
"ves.io.schema.rules.uint32.gte": "0",
|
|
1334
1430
|
"ves.io.schema.rules.uint32.lte": "401308"
|
|
1335
1431
|
},
|
|
1432
|
+
"x-f5xc-description-short": "RFC 6793 defined 4-byte AS number Required: YES.",
|
|
1336
1433
|
"minimum": 0,
|
|
1337
1434
|
"maximum": 2147483647,
|
|
1338
1435
|
"x-f5xc-required-for": {
|
|
@@ -1375,6 +1472,7 @@
|
|
|
1375
1472
|
"x-displayname": "IP Reputation Security Event.",
|
|
1376
1473
|
"x-ves-example": "True",
|
|
1377
1474
|
"x-f5xc-example": "true",
|
|
1475
|
+
"x-f5xc-description-short": "Indicates whether the security event is IP reputation.",
|
|
1378
1476
|
"x-f5xc-required-for": {
|
|
1379
1477
|
"minimum_config": false,
|
|
1380
1478
|
"create": false,
|
|
@@ -1389,6 +1487,7 @@
|
|
|
1389
1487
|
"x-displayname": "HTTP Load Balancer Name.",
|
|
1390
1488
|
"x-ves-example": "VES-I/O-frontend.",
|
|
1391
1489
|
"x-f5xc-example": "ves-io-frontend",
|
|
1490
|
+
"x-f5xc-description-short": "HTTP load balancer for which this client blocking rule will be applied.",
|
|
1392
1491
|
"minLength": 0,
|
|
1393
1492
|
"maxLength": 16,
|
|
1394
1493
|
"x-f5xc-required-for": {
|
|
@@ -1399,7 +1498,7 @@
|
|
|
1399
1498
|
},
|
|
1400
1499
|
"x-original-maxLength": 1024,
|
|
1401
1500
|
"x-reconciled-from-discovery": true,
|
|
1402
|
-
"x-reconciled-at": "2026-01-
|
|
1501
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792941+00:00"
|
|
1403
1502
|
},
|
|
1404
1503
|
"namespace": {
|
|
1405
1504
|
"type": "string",
|
|
@@ -1408,6 +1507,7 @@
|
|
|
1408
1507
|
"x-displayname": "Namespace",
|
|
1409
1508
|
"x-ves-example": "Shared",
|
|
1410
1509
|
"x-f5xc-example": "shared",
|
|
1510
|
+
"x-f5xc-description-short": "Namespace of the App type for current request.",
|
|
1411
1511
|
"minLength": 0,
|
|
1412
1512
|
"maxLength": 6,
|
|
1413
1513
|
"x-f5xc-required-for": {
|
|
@@ -1418,7 +1518,7 @@
|
|
|
1418
1518
|
},
|
|
1419
1519
|
"x-original-maxLength": 1024,
|
|
1420
1520
|
"x-reconciled-from-discovery": true,
|
|
1421
|
-
"x-reconciled-at": "2026-01-
|
|
1521
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792946+00:00"
|
|
1422
1522
|
},
|
|
1423
1523
|
"sec_event_name": {
|
|
1424
1524
|
"type": "string",
|
|
@@ -1455,6 +1555,7 @@
|
|
|
1455
1555
|
"ves.io.schema.rules.repeated.max_items": "4",
|
|
1456
1556
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
1457
1557
|
},
|
|
1558
|
+
"x-f5xc-description-short": "List of Security Event types that should stop being generated for this client.",
|
|
1458
1559
|
"x-f5xc-required-for": {
|
|
1459
1560
|
"minimum_config": false,
|
|
1460
1561
|
"create": false,
|
|
@@ -1470,6 +1571,7 @@
|
|
|
1470
1571
|
"x-displayname": "Threat Mesh Security Event.",
|
|
1471
1572
|
"x-ves-example": "True",
|
|
1472
1573
|
"x-f5xc-example": "true",
|
|
1574
|
+
"x-f5xc-description-short": "Indicates whether the security event is threat mesh.",
|
|
1473
1575
|
"x-f5xc-required-for": {
|
|
1474
1576
|
"minimum_config": false,
|
|
1475
1577
|
"create": false,
|
|
@@ -1501,6 +1603,7 @@
|
|
|
1501
1603
|
"x-field-mutability": "read-only"
|
|
1502
1604
|
}
|
|
1503
1605
|
},
|
|
1606
|
+
"x-f5xc-description-short": "GET suggested blocking SimpleClientSrcRule for a given IP/ASN.",
|
|
1504
1607
|
"x-f5xc-minimum-configuration": {
|
|
1505
1608
|
"description": "Minimum configuration for app_securityGetSuggestedTrustClientRuleReq",
|
|
1506
1609
|
"required_fields": [
|
|
@@ -1539,6 +1642,7 @@
|
|
|
1539
1642
|
"x-displayname": "HTTP Load Balancer Name.",
|
|
1540
1643
|
"x-ves-example": "VES-I/O-frontend.",
|
|
1541
1644
|
"x-f5xc-example": "ves-io-frontend",
|
|
1645
|
+
"x-f5xc-description-short": "HTTP load balancer for which this client rule will be applied.",
|
|
1542
1646
|
"minLength": 0,
|
|
1543
1647
|
"maxLength": 16,
|
|
1544
1648
|
"x-f5xc-required-for": {
|
|
@@ -1549,12 +1653,13 @@
|
|
|
1549
1653
|
},
|
|
1550
1654
|
"x-original-maxLength": 1024,
|
|
1551
1655
|
"x-reconciled-from-discovery": true,
|
|
1552
|
-
"x-reconciled-at": "2026-01-
|
|
1656
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792957+00:00"
|
|
1553
1657
|
},
|
|
1554
1658
|
"rule": {
|
|
1555
1659
|
"$ref": "#/components/schemas/common_wafSimpleClientSrcRule"
|
|
1556
1660
|
}
|
|
1557
1661
|
},
|
|
1662
|
+
"x-f5xc-description-short": "GET suggested SimpleClientSrcRule to trust a given IP/ASN.",
|
|
1558
1663
|
"x-f5xc-minimum-configuration": {
|
|
1559
1664
|
"description": "Minimum configuration for app_securityGetSuggestedTrustClientRuleRsp",
|
|
1560
1665
|
"required_fields": [
|
|
@@ -1605,7 +1710,7 @@
|
|
|
1605
1710
|
"x-original-maxLength": 256,
|
|
1606
1711
|
"format": "hostname",
|
|
1607
1712
|
"x-reconciled-from-discovery": true,
|
|
1608
|
-
"x-reconciled-at": "2026-01-
|
|
1713
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792967+00:00"
|
|
1609
1714
|
},
|
|
1610
1715
|
"exclude_bot_names": {
|
|
1611
1716
|
"type": "array",
|
|
@@ -1626,6 +1731,7 @@
|
|
|
1626
1731
|
"ves.io.schema.rules.repeated.max_items": "64",
|
|
1627
1732
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
1628
1733
|
},
|
|
1734
|
+
"x-f5xc-description-short": "Bot name contexts to be excluded for this request.",
|
|
1629
1735
|
"x-f5xc-required-for": {
|
|
1630
1736
|
"minimum_config": false,
|
|
1631
1737
|
"create": false,
|
|
@@ -1652,6 +1758,7 @@
|
|
|
1652
1758
|
"ves.io.schema.rules.repeated.max_items": "1024",
|
|
1653
1759
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
1654
1760
|
},
|
|
1761
|
+
"x-f5xc-description-short": "App Firewall signature contexts to be excluded for this request.",
|
|
1655
1762
|
"x-f5xc-required-for": {
|
|
1656
1763
|
"minimum_config": false,
|
|
1657
1764
|
"create": false,
|
|
@@ -1678,6 +1785,7 @@
|
|
|
1678
1785
|
"ves.io.schema.rules.repeated.max_items": "64",
|
|
1679
1786
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
1680
1787
|
},
|
|
1788
|
+
"x-f5xc-description-short": "App Firewall violation contexts to be excluded for this request.",
|
|
1681
1789
|
"x-f5xc-required-for": {
|
|
1682
1790
|
"minimum_config": false,
|
|
1683
1791
|
"create": false,
|
|
@@ -1692,6 +1800,7 @@
|
|
|
1692
1800
|
"x-displayname": "HTTP Load Balancer Name.",
|
|
1693
1801
|
"x-ves-example": "VES-I/O-frontend.",
|
|
1694
1802
|
"x-f5xc-example": "ves-io-frontend",
|
|
1803
|
+
"x-f5xc-description-short": "HTTP load balancer for which this WAF exclusion will be applied.",
|
|
1695
1804
|
"minLength": 0,
|
|
1696
1805
|
"maxLength": 16,
|
|
1697
1806
|
"x-f5xc-required-for": {
|
|
@@ -1702,7 +1811,7 @@
|
|
|
1702
1811
|
},
|
|
1703
1812
|
"x-original-maxLength": 1024,
|
|
1704
1813
|
"x-reconciled-from-discovery": true,
|
|
1705
|
-
"x-reconciled-at": "2026-01-
|
|
1814
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792976+00:00"
|
|
1706
1815
|
},
|
|
1707
1816
|
"namespace": {
|
|
1708
1817
|
"type": "string",
|
|
@@ -1711,6 +1820,7 @@
|
|
|
1711
1820
|
"x-displayname": "Namespace",
|
|
1712
1821
|
"x-ves-example": "Shared",
|
|
1713
1822
|
"x-f5xc-example": "shared",
|
|
1823
|
+
"x-f5xc-description-short": "Namespace of the App type for current request.",
|
|
1714
1824
|
"minLength": 0,
|
|
1715
1825
|
"maxLength": 6,
|
|
1716
1826
|
"x-f5xc-required-for": {
|
|
@@ -1721,7 +1831,7 @@
|
|
|
1721
1831
|
},
|
|
1722
1832
|
"x-original-maxLength": 1024,
|
|
1723
1833
|
"x-reconciled-from-discovery": true,
|
|
1724
|
-
"x-reconciled-at": "2026-01-
|
|
1834
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792981+00:00"
|
|
1725
1835
|
},
|
|
1726
1836
|
"req_path": {
|
|
1727
1837
|
"type": "string",
|
|
@@ -1758,6 +1868,7 @@
|
|
|
1758
1868
|
"x-validation-rules": {
|
|
1759
1869
|
"ves.io.schema.rules.string.pattern": "^$|^[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}$"
|
|
1760
1870
|
},
|
|
1871
|
+
"x-f5xc-description-short": "Unique identifier for the request route.",
|
|
1761
1872
|
"minLength": 0,
|
|
1762
1873
|
"maxLength": 1024,
|
|
1763
1874
|
"x-f5xc-required-for": {
|
|
@@ -1768,6 +1879,7 @@
|
|
|
1768
1879
|
}
|
|
1769
1880
|
}
|
|
1770
1881
|
},
|
|
1882
|
+
"x-f5xc-description-short": "GET suggested service policy rule to set up WAF rule exclusion for a given WAF security event.",
|
|
1771
1883
|
"x-f5xc-minimum-configuration": {
|
|
1772
1884
|
"description": "Minimum configuration for app_securityGetSuggestedWAFExclusionRuleReq",
|
|
1773
1885
|
"required_fields": [
|
|
@@ -1805,6 +1917,7 @@
|
|
|
1805
1917
|
"x-displayname": "HTTP Load Balancer Name.",
|
|
1806
1918
|
"x-ves-example": "VES-I/O-frontend.",
|
|
1807
1919
|
"x-f5xc-example": "ves-io-frontend",
|
|
1920
|
+
"x-f5xc-description-short": "HTTP load balancer for which this WAF exclusion will be applied.",
|
|
1808
1921
|
"minLength": 0,
|
|
1809
1922
|
"maxLength": 16,
|
|
1810
1923
|
"x-f5xc-required-for": {
|
|
@@ -1815,7 +1928,7 @@
|
|
|
1815
1928
|
},
|
|
1816
1929
|
"x-original-maxLength": 1024,
|
|
1817
1930
|
"x-reconciled-from-discovery": true,
|
|
1818
|
-
"x-reconciled-at": "2026-01-
|
|
1931
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792990+00:00"
|
|
1819
1932
|
},
|
|
1820
1933
|
"waf_exclusion_policy": {
|
|
1821
1934
|
"$ref": "#/components/schemas/schemaviewsObjectRefType"
|
|
@@ -1824,6 +1937,7 @@
|
|
|
1824
1937
|
"$ref": "#/components/schemas/policySimpleWafExclusionRule"
|
|
1825
1938
|
}
|
|
1826
1939
|
},
|
|
1940
|
+
"x-f5xc-description-short": "GET suggested service policy rule to set up WAF rule exclusion for a given WAF security event.",
|
|
1827
1941
|
"x-f5xc-minimum-configuration": {
|
|
1828
1942
|
"description": "Minimum configuration for app_securityGetSuggestedWAFExclusionRuleRsp",
|
|
1829
1943
|
"required_fields": [
|
|
@@ -1863,7 +1977,7 @@
|
|
|
1863
1977
|
},
|
|
1864
1978
|
"x-original-maxLength": 1024,
|
|
1865
1979
|
"x-reconciled-from-discovery": true,
|
|
1866
|
-
"x-reconciled-at": "2026-01-
|
|
1980
|
+
"x-reconciled-at": "2026-01-07T15:27:53.792998+00:00"
|
|
1867
1981
|
},
|
|
1868
1982
|
"namespace": {
|
|
1869
1983
|
"type": "string",
|
|
@@ -1882,7 +1996,7 @@
|
|
|
1882
1996
|
},
|
|
1883
1997
|
"x-original-maxLength": 1024,
|
|
1884
1998
|
"x-reconciled-from-discovery": true,
|
|
1885
|
-
"x-reconciled-at": "2026-01-
|
|
1999
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793002+00:00"
|
|
1886
2000
|
},
|
|
1887
2001
|
"request_data": {
|
|
1888
2002
|
"$ref": "#/components/schemas/app_securityRequestData"
|
|
@@ -1891,6 +2005,7 @@
|
|
|
1891
2005
|
"$ref": "#/components/schemas/app_securitySecurityEventsData"
|
|
1892
2006
|
}
|
|
1893
2007
|
},
|
|
2008
|
+
"x-f5xc-description-short": "List of virtual hosts in all the namespaces matching filter provided in the request.",
|
|
1894
2009
|
"x-f5xc-minimum-configuration": {
|
|
1895
2010
|
"description": "Minimum configuration for app_securityLoadbalancerData",
|
|
1896
2011
|
"required_fields": [
|
|
@@ -1919,6 +2034,7 @@
|
|
|
1919
2034
|
"format": "uint64",
|
|
1920
2035
|
"x-displayname": "Count",
|
|
1921
2036
|
"x-f5xc-example": "15",
|
|
2037
|
+
"x-f5xc-description-short": "The number of requests matching the filter for virtual host in the given namespace.",
|
|
1922
2038
|
"minLength": 0,
|
|
1923
2039
|
"maxLength": 1024,
|
|
1924
2040
|
"x-f5xc-required-for": {
|
|
@@ -1936,6 +2052,7 @@
|
|
|
1936
2052
|
"x-displayname": "Maximum time.",
|
|
1937
2053
|
"x-ves-example": "01-01-1970T00:00:00Z.",
|
|
1938
2054
|
"x-f5xc-example": "01-01-1970T00:00:00Z",
|
|
2055
|
+
"x-f5xc-description-short": "Maximum time at which request ID was found.",
|
|
1939
2056
|
"minLength": 0,
|
|
1940
2057
|
"maxLength": 1024,
|
|
1941
2058
|
"x-f5xc-required-for": {
|
|
@@ -1953,6 +2070,7 @@
|
|
|
1953
2070
|
"x-displayname": "Minimum time.",
|
|
1954
2071
|
"x-ves-example": "01-01-1970T00:00:00Z.",
|
|
1955
2072
|
"x-f5xc-example": "01-01-1970T00:00:00Z",
|
|
2073
|
+
"x-f5xc-description-short": "Minimum time at which the request ID was found.",
|
|
1956
2074
|
"minLength": 0,
|
|
1957
2075
|
"maxLength": 1024,
|
|
1958
2076
|
"x-f5xc-required-for": {
|
|
@@ -2016,9 +2134,10 @@
|
|
|
2016
2134
|
"maxLength": 15,
|
|
2017
2135
|
"minLength": 3,
|
|
2018
2136
|
"x-reconciled-from-discovery": true,
|
|
2019
|
-
"x-reconciled-at": "2026-01-
|
|
2137
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793018+00:00"
|
|
2020
2138
|
}
|
|
2021
2139
|
},
|
|
2140
|
+
"x-f5xc-description-short": "Metric label filter can be specified to query specific metrics based on label match.",
|
|
2022
2141
|
"x-f5xc-minimum-configuration": {
|
|
2023
2142
|
"description": "Minimum configuration for app_securitySearchFilter",
|
|
2024
2143
|
"required_fields": [
|
|
@@ -2044,6 +2163,7 @@
|
|
|
2044
2163
|
"default": "REQUEST_ID",
|
|
2045
2164
|
"x-displayname": "Search Label for VH List API.",
|
|
2046
2165
|
"x-ves-proto-enum": "ves.io.schema.app_security.SearchLabel",
|
|
2166
|
+
"x-f5xc-description-short": "List of Virtual Hosts will be returned matching the following labels.",
|
|
2047
2167
|
"x-f5xc-minimum-configuration": {
|
|
2048
2168
|
"description": "Minimum configuration for app_securitySearchLabel",
|
|
2049
2169
|
"required_fields": [],
|
|
@@ -2098,6 +2218,8 @@
|
|
|
2098
2218
|
"x-validation-rules": {
|
|
2099
2219
|
"ves.io.schema.rules.repeated.max_items": "5"
|
|
2100
2220
|
},
|
|
2221
|
+
"x-f5xc-description-short": "List of label filter expressions of the form \"label\" \"value\". Response will only contain data that matches all the conditions specified in the .",
|
|
2222
|
+
"x-f5xc-description-medium": "List of label filter expressions of the form \"label\" \"value\". Response will only contain data that matches all the conditions specified in the . One or more of the following labels can be specified in the label_filter. , `.",
|
|
2101
2223
|
"x-f5xc-required-for": {
|
|
2102
2224
|
"minimum_config": false,
|
|
2103
2225
|
"create": false,
|
|
@@ -2112,6 +2234,7 @@
|
|
|
2112
2234
|
"x-displayname": "Namespace",
|
|
2113
2235
|
"x-ves-example": "Shared",
|
|
2114
2236
|
"x-f5xc-example": "shared",
|
|
2237
|
+
"x-f5xc-description-short": "Namespace of the App type for current request.",
|
|
2115
2238
|
"minLength": 0,
|
|
2116
2239
|
"maxLength": 6,
|
|
2117
2240
|
"x-f5xc-required-for": {
|
|
@@ -2122,9 +2245,11 @@
|
|
|
2122
2245
|
},
|
|
2123
2246
|
"x-original-maxLength": 1024,
|
|
2124
2247
|
"x-reconciled-from-discovery": true,
|
|
2125
|
-
"x-reconciled-at": "2026-01-
|
|
2248
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793025+00:00"
|
|
2126
2249
|
}
|
|
2127
2250
|
},
|
|
2251
|
+
"x-f5xc-description-short": "GET a list of virtual hosts in all the namespaces matching filter provided in the request.",
|
|
2252
|
+
"x-f5xc-description-medium": "GET a list of virtual hosts in all the namespaces matching filter provided in the request. The filter can be a) Request ID b) Source IP.",
|
|
2128
2253
|
"x-f5xc-minimum-configuration": {
|
|
2129
2254
|
"description": "Minimum configuration for app_securitySearchLoadBalancersRequest",
|
|
2130
2255
|
"required_fields": [
|
|
@@ -2155,6 +2280,7 @@
|
|
|
2155
2280
|
"x-displayname": "HTTP Load Balancer List.",
|
|
2156
2281
|
"x-ves-example": "[VES-I/O-frontend\", \"ns1\" , \"1\", \"0\"]",
|
|
2157
2282
|
"x-f5xc-example": "\"[ves-io-frontend\", \"ns1\" , \"1\", \"0\"]\"",
|
|
2283
|
+
"x-f5xc-description-short": "HTTP load balancer list for which the SearchFilter is applied.",
|
|
2158
2284
|
"x-f5xc-required-for": {
|
|
2159
2285
|
"minimum_config": false,
|
|
2160
2286
|
"create": false,
|
|
@@ -2163,6 +2289,7 @@
|
|
|
2163
2289
|
}
|
|
2164
2290
|
}
|
|
2165
2291
|
},
|
|
2292
|
+
"x-f5xc-description-short": "List of virtual hosts in all the namespaces matching filter provided in the request.",
|
|
2166
2293
|
"x-f5xc-minimum-configuration": {
|
|
2167
2294
|
"description": "Minimum configuration for app_securitySearchLoadBalancersResponse",
|
|
2168
2295
|
"required_fields": [
|
|
@@ -2194,6 +2321,7 @@
|
|
|
2194
2321
|
"default": "WAF_SEC_EVENT",
|
|
2195
2322
|
"x-displayname": "Security Event Type.",
|
|
2196
2323
|
"x-ves-proto-enum": "ves.io.schema.app_security.SecEventType",
|
|
2324
|
+
"x-f5xc-description-short": "Security event can be one of the following types.",
|
|
2197
2325
|
"x-f5xc-minimum-configuration": {
|
|
2198
2326
|
"description": "Minimum configuration for app_securitySecEventType",
|
|
2199
2327
|
"required_fields": [],
|
|
@@ -2216,6 +2344,8 @@
|
|
|
2216
2344
|
"description": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.\nThe aggregations are key'ed by user-defined aggregation name. The response will be key'ed with the same name.\nOptional.",
|
|
2217
2345
|
"title": "Aggregations.",
|
|
2218
2346
|
"x-displayname": "Aggregations.",
|
|
2347
|
+
"x-f5xc-description-short": "Aggregations provide summary/analytics data over the security events response.",
|
|
2348
|
+
"x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key'ed by...",
|
|
2219
2349
|
"x-f5xc-required-for": {
|
|
2220
2350
|
"minimum_config": false,
|
|
2221
2351
|
"create": false,
|
|
@@ -2236,6 +2366,8 @@
|
|
|
2236
2366
|
"x-validation-rules": {
|
|
2237
2367
|
"ves.io.schema.rules.string.query_time": "true"
|
|
2238
2368
|
},
|
|
2369
|
+
"x-f5xc-description-short": "Fetch security events whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated...",
|
|
2370
|
+
"x-f5xc-description-medium": "Fetch security events whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
|
|
2239
2371
|
"minLength": 0,
|
|
2240
2372
|
"maxLength": 1024,
|
|
2241
2373
|
"x-f5xc-required-for": {
|
|
@@ -2252,6 +2384,7 @@
|
|
|
2252
2384
|
"x-displayname": "Namespace",
|
|
2253
2385
|
"x-ves-example": "Bloggin-app-namespace-1.",
|
|
2254
2386
|
"x-f5xc-example": "bloggin-app-namespace-1",
|
|
2387
|
+
"x-f5xc-description-short": "Fetch security events for a given namespace.",
|
|
2255
2388
|
"minLength": 0,
|
|
2256
2389
|
"maxLength": 6,
|
|
2257
2390
|
"x-f5xc-required-for": {
|
|
@@ -2262,7 +2395,7 @@
|
|
|
2262
2395
|
},
|
|
2263
2396
|
"x-original-maxLength": 1024,
|
|
2264
2397
|
"x-reconciled-from-discovery": true,
|
|
2265
|
-
"x-reconciled-at": "2026-01-
|
|
2398
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793036+00:00"
|
|
2266
2399
|
},
|
|
2267
2400
|
"query": {
|
|
2268
2401
|
"type": "string",
|
|
@@ -2271,6 +2404,8 @@
|
|
|
2271
2404
|
"x-displayname": "Query",
|
|
2272
2405
|
"x-ves-example": "Query={app_type=\"blogging_app\"}",
|
|
2273
2406
|
"x-f5xc-example": "\"query={app_type=\"blogging_app\"}\"",
|
|
2407
|
+
"x-f5xc-description-short": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> :=...",
|
|
2408
|
+
"x-f5xc-description-medium": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> := string One or more of these fields in the security event may be specified in the query. Vh_name - name of the virtual host src_site - source site city ...",
|
|
2274
2409
|
"minLength": 0,
|
|
2275
2410
|
"maxLength": 1024,
|
|
2276
2411
|
"x-f5xc-required-for": {
|
|
@@ -2293,6 +2428,8 @@
|
|
|
2293
2428
|
"x-validation-rules": {
|
|
2294
2429
|
"ves.io.schema.rules.string.query_time": "true"
|
|
2295
2430
|
},
|
|
2431
|
+
"x-f5xc-description-short": "Fetch security events whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be...",
|
|
2432
|
+
"x-f5xc-description-medium": "Fetch security events whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
|
|
2296
2433
|
"minLength": 0,
|
|
2297
2434
|
"maxLength": 1024,
|
|
2298
2435
|
"x-f5xc-required-for": {
|
|
@@ -2303,6 +2440,7 @@
|
|
|
2303
2440
|
}
|
|
2304
2441
|
}
|
|
2305
2442
|
},
|
|
2443
|
+
"x-f5xc-description-short": "Request to GET only aggregation data for security events.",
|
|
2306
2444
|
"x-f5xc-minimum-configuration": {
|
|
2307
2445
|
"description": "Minimum configuration for app_securitySecurityEventsAggregationRequest",
|
|
2308
2446
|
"required_fields": [
|
|
@@ -2331,6 +2469,8 @@
|
|
|
2331
2469
|
"description": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.\nThe aggregation data is key'ed with the aggregation name specified in the request.",
|
|
2332
2470
|
"title": "Aggregations.",
|
|
2333
2471
|
"x-displayname": "Aggregations.",
|
|
2472
|
+
"x-f5xc-description-short": "Aggregations provide summary/analytics data over the security events response.",
|
|
2473
|
+
"x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregation data is key'ed with the...",
|
|
2334
2474
|
"x-f5xc-required-for": {
|
|
2335
2475
|
"minimum_config": false,
|
|
2336
2476
|
"create": false,
|
|
@@ -2346,6 +2486,7 @@
|
|
|
2346
2486
|
"x-displayname": "Total Hits.",
|
|
2347
2487
|
"x-ves-example": "0",
|
|
2348
2488
|
"x-f5xc-example": "0",
|
|
2489
|
+
"x-f5xc-description-short": "Total number of security events that matched the query.",
|
|
2349
2490
|
"minLength": 0,
|
|
2350
2491
|
"maxLength": 1024,
|
|
2351
2492
|
"x-f5xc-required-for": {
|
|
@@ -2356,6 +2497,7 @@
|
|
|
2356
2497
|
}
|
|
2357
2498
|
}
|
|
2358
2499
|
},
|
|
2500
|
+
"x-f5xc-description-short": "Response message for SecurityEventsAggregationRequest.",
|
|
2359
2501
|
"x-f5xc-minimum-configuration": {
|
|
2360
2502
|
"description": "Minimum configuration for app_securitySecurityEventsAggregationResponse",
|
|
2361
2503
|
"required_fields": [
|
|
@@ -2389,6 +2531,8 @@
|
|
|
2389
2531
|
"x-validation-rules": {
|
|
2390
2532
|
"ves.io.schema.rules.string.query_time": "true"
|
|
2391
2533
|
},
|
|
2534
|
+
"x-f5xc-description-short": "End time of metric collection from which data will be considered.",
|
|
2535
|
+
"x-f5xc-description-medium": "End time of metric collection from which data will be considered. Format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
|
|
2392
2536
|
"minLength": 0,
|
|
2393
2537
|
"maxLength": 1024,
|
|
2394
2538
|
"x-f5xc-required-for": {
|
|
@@ -2406,6 +2550,8 @@
|
|
|
2406
2550
|
"$ref": "#/components/schemas/metricsSecurityMetricLabel"
|
|
2407
2551
|
},
|
|
2408
2552
|
"x-displayname": "Group By",
|
|
2553
|
+
"x-f5xc-description-short": "Aggregate data by one or more labels listed here. , , , , . Optional: If not specified, then the security events are aggregated/grouped by , .",
|
|
2554
|
+
"x-f5xc-description-medium": "Aggregate data by one or more labels listed here. , , , , . Optional: If not specified, then the security events are aggregated/grouped by , .",
|
|
2409
2555
|
"x-f5xc-required-for": {
|
|
2410
2556
|
"minimum_config": false,
|
|
2411
2557
|
"create": false,
|
|
@@ -2421,6 +2567,8 @@
|
|
|
2421
2567
|
"$ref": "#/components/schemas/metricsSecurityMetricLabelFilter"
|
|
2422
2568
|
},
|
|
2423
2569
|
"x-displayname": "Label Filter.",
|
|
2570
|
+
"x-f5xc-description-short": "List of label filter expressions of the form \"label\" \"value\". Response will only contain data that matches all the conditions specified in the .",
|
|
2571
|
+
"x-f5xc-description-medium": "List of label filter expressions of the form \"label\" \"value\". Response will only contain data that matches all the conditions specified in the . One or more of the following labels can be specified in the label_filter. , , , .",
|
|
2424
2572
|
"x-f5xc-required-for": {
|
|
2425
2573
|
"minimum_config": false,
|
|
2426
2574
|
"create": false,
|
|
@@ -2435,6 +2583,7 @@
|
|
|
2435
2583
|
"x-displayname": "Namespace",
|
|
2436
2584
|
"x-ves-example": "Bloggin-app-namespace-1.",
|
|
2437
2585
|
"x-f5xc-example": "bloggin-app-namespace-1",
|
|
2586
|
+
"x-f5xc-description-short": "Namespace is used to scope the security events for the given namespace.",
|
|
2438
2587
|
"minLength": 0,
|
|
2439
2588
|
"maxLength": 6,
|
|
2440
2589
|
"x-f5xc-required-for": {
|
|
@@ -2445,7 +2594,7 @@
|
|
|
2445
2594
|
},
|
|
2446
2595
|
"x-original-maxLength": 1024,
|
|
2447
2596
|
"x-reconciled-from-discovery": true,
|
|
2448
|
-
"x-reconciled-at": "2026-01-
|
|
2597
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793052+00:00"
|
|
2449
2598
|
},
|
|
2450
2599
|
"start_time": {
|
|
2451
2600
|
"type": "string",
|
|
@@ -2460,6 +2609,8 @@
|
|
|
2460
2609
|
"x-validation-rules": {
|
|
2461
2610
|
"ves.io.schema.rules.string.query_time": "true"
|
|
2462
2611
|
},
|
|
2612
|
+
"x-f5xc-description-short": "Start time of metric collection from which data will be considered.",
|
|
2613
|
+
"x-f5xc-description-medium": "Start time of metric collection from which data will be considered. Format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
|
|
2463
2614
|
"minLength": 0,
|
|
2464
2615
|
"maxLength": 1024,
|
|
2465
2616
|
"x-f5xc-required-for": {
|
|
@@ -2482,6 +2633,8 @@
|
|
|
2482
2633
|
"x-validation-rules": {
|
|
2483
2634
|
"ves.io.schema.rules.string.query_step": "true"
|
|
2484
2635
|
},
|
|
2636
|
+
"x-f5xc-description-short": "Step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response.",
|
|
2637
|
+
"x-f5xc-description-medium": "Step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response. The timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.",
|
|
2485
2638
|
"minLength": 0,
|
|
2486
2639
|
"maxLength": 1024,
|
|
2487
2640
|
"x-f5xc-required-for": {
|
|
@@ -2492,6 +2645,7 @@
|
|
|
2492
2645
|
}
|
|
2493
2646
|
}
|
|
2494
2647
|
},
|
|
2648
|
+
"x-f5xc-description-short": "Request to GET number of security events for a given namespace.",
|
|
2495
2649
|
"x-f5xc-minimum-configuration": {
|
|
2496
2650
|
"description": "Minimum configuration for app_securitySecurityEventsCountRequest",
|
|
2497
2651
|
"required_fields": [
|
|
@@ -2524,6 +2678,7 @@
|
|
|
2524
2678
|
"$ref": "#/components/schemas/metricsSecurityEventsCounter"
|
|
2525
2679
|
},
|
|
2526
2680
|
"x-displayname": "Security events counter data.",
|
|
2681
|
+
"x-f5xc-example": "{\"key\": \"value\"}",
|
|
2527
2682
|
"x-f5xc-required-for": {
|
|
2528
2683
|
"minimum_config": false,
|
|
2529
2684
|
"create": false,
|
|
@@ -2544,6 +2699,8 @@
|
|
|
2544
2699
|
"x-validation-rules": {
|
|
2545
2700
|
"ves.io.schema.rules.string.time_interval": "true"
|
|
2546
2701
|
},
|
|
2702
|
+
"x-f5xc-description-short": "Actual step size used in the response. It could be higher than the requested step due to metric rollups and the query duration.",
|
|
2703
|
+
"x-f5xc-description-medium": "Actual step size used in the response. It could be higher than the requested step due to metric rollups and the query duration. Format: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days.",
|
|
2547
2704
|
"minLength": 0,
|
|
2548
2705
|
"maxLength": 1024,
|
|
2549
2706
|
"x-f5xc-required-for": {
|
|
@@ -2554,6 +2711,8 @@
|
|
|
2554
2711
|
}
|
|
2555
2712
|
}
|
|
2556
2713
|
},
|
|
2714
|
+
"x-f5xc-description-short": "Number of security events for each unique combination of group_by labels in the SecurityEventsCountRequest.",
|
|
2715
|
+
"x-f5xc-description-medium": "Number of security events for each unique combination of group_by labels in the SecurityEventsCountRequest.",
|
|
2557
2716
|
"x-f5xc-minimum-configuration": {
|
|
2558
2717
|
"description": "Minimum configuration for app_securitySecurityEventsCountResponse",
|
|
2559
2718
|
"required_fields": [
|
|
@@ -2580,6 +2739,7 @@
|
|
|
2580
2739
|
"format": "uint64",
|
|
2581
2740
|
"x-displayname": "Count",
|
|
2582
2741
|
"x-f5xc-example": "15",
|
|
2742
|
+
"x-f5xc-description-short": "The number of security events for virtual host in the given namespace.",
|
|
2583
2743
|
"minLength": 0,
|
|
2584
2744
|
"maxLength": 1024,
|
|
2585
2745
|
"x-f5xc-required-for": {
|
|
@@ -2597,6 +2757,7 @@
|
|
|
2597
2757
|
"x-displayname": "Maximum time.",
|
|
2598
2758
|
"x-ves-example": "01-01-1970T00:00:00Z.",
|
|
2599
2759
|
"x-f5xc-example": "01-01-1970T00:00:00Z",
|
|
2760
|
+
"x-f5xc-description-short": "Maximum start time at which security event was found.",
|
|
2600
2761
|
"minLength": 0,
|
|
2601
2762
|
"maxLength": 1024,
|
|
2602
2763
|
"x-f5xc-required-for": {
|
|
@@ -2614,6 +2775,7 @@
|
|
|
2614
2775
|
"x-displayname": "Minimum time.",
|
|
2615
2776
|
"x-ves-example": "01-01-1970T00:00:00Z.",
|
|
2616
2777
|
"x-f5xc-example": "01-01-1970T00:00:00Z",
|
|
2778
|
+
"x-f5xc-description-short": "Minimum time at which the secuirty event was found.",
|
|
2617
2779
|
"minLength": 0,
|
|
2618
2780
|
"maxLength": 1024,
|
|
2619
2781
|
"x-f5xc-required-for": {
|
|
@@ -2650,6 +2812,8 @@
|
|
|
2650
2812
|
"description": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.\nThe aggregations are key'ed by user-defined aggregation name. The response will be key'ed with the same name.\nOptional.",
|
|
2651
2813
|
"title": "Aggregations.",
|
|
2652
2814
|
"x-displayname": "Aggregations.",
|
|
2815
|
+
"x-f5xc-description-short": "Aggregations provide summary/analytics data over the security events response.",
|
|
2816
|
+
"x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key'ed by...",
|
|
2653
2817
|
"x-f5xc-required-for": {
|
|
2654
2818
|
"minimum_config": false,
|
|
2655
2819
|
"create": false,
|
|
@@ -2670,6 +2834,8 @@
|
|
|
2670
2834
|
"x-validation-rules": {
|
|
2671
2835
|
"ves.io.schema.rules.string.query_time": "true"
|
|
2672
2836
|
},
|
|
2837
|
+
"x-f5xc-description-short": "Fetch security events whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated...",
|
|
2838
|
+
"x-f5xc-description-medium": "Fetch security events whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
|
|
2673
2839
|
"minLength": 0,
|
|
2674
2840
|
"maxLength": 1024,
|
|
2675
2841
|
"x-f5xc-required-for": {
|
|
@@ -2687,6 +2853,8 @@
|
|
|
2687
2853
|
"x-displayname": "Limit",
|
|
2688
2854
|
"x-ves-example": "100",
|
|
2689
2855
|
"x-f5xc-example": "100",
|
|
2856
|
+
"x-f5xc-description-short": "Limits the number of security events returned in the response Optional: If not specified, first or last 500 security events that matches the query...",
|
|
2857
|
+
"x-f5xc-description-medium": "Limits the number of security events returned in the response Optional: If not specified, first or last 500 security events that matches the query (depending on the sort order) will be returned in the response. The maximum value for limit is 500.",
|
|
2690
2858
|
"minimum": 0,
|
|
2691
2859
|
"maximum": 2147483647,
|
|
2692
2860
|
"x-f5xc-required-for": {
|
|
@@ -2703,6 +2871,7 @@
|
|
|
2703
2871
|
"x-displayname": "Namespace",
|
|
2704
2872
|
"x-ves-example": "Bloggin-app-namespace-1.",
|
|
2705
2873
|
"x-f5xc-example": "bloggin-app-namespace-1",
|
|
2874
|
+
"x-f5xc-description-short": "Fetch security events for a given namespace.",
|
|
2706
2875
|
"minLength": 0,
|
|
2707
2876
|
"maxLength": 6,
|
|
2708
2877
|
"x-f5xc-required-for": {
|
|
@@ -2713,7 +2882,7 @@
|
|
|
2713
2882
|
},
|
|
2714
2883
|
"x-original-maxLength": 1024,
|
|
2715
2884
|
"x-reconciled-from-discovery": true,
|
|
2716
|
-
"x-reconciled-at": "2026-01-
|
|
2885
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793072+00:00"
|
|
2717
2886
|
},
|
|
2718
2887
|
"query": {
|
|
2719
2888
|
"type": "string",
|
|
@@ -2722,6 +2891,8 @@
|
|
|
2722
2891
|
"x-displayname": "Query",
|
|
2723
2892
|
"x-ves-example": "Query={app_type=\"blogging_app\"}",
|
|
2724
2893
|
"x-f5xc-example": "\"query={app_type=\"blogging_app\"}\"",
|
|
2894
|
+
"x-f5xc-description-short": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> :=...",
|
|
2895
|
+
"x-f5xc-description-medium": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> := string One or more of these fields in the security event may be specified in the query. Vh_name - name of the virtual host src_site - source site city ...",
|
|
2725
2896
|
"minLength": 0,
|
|
2726
2897
|
"maxLength": 1024,
|
|
2727
2898
|
"x-f5xc-required-for": {
|
|
@@ -2739,6 +2910,8 @@
|
|
|
2739
2910
|
"x-displayname": "Scroll",
|
|
2740
2911
|
"x-ves-example": "True",
|
|
2741
2912
|
"x-f5xc-example": "true",
|
|
2913
|
+
"x-f5xc-description-short": "Scroll is used to retrieve large number of security events (or all security events) that matches the query.",
|
|
2914
|
+
"x-f5xc-description-medium": "Scroll is used to retrieve large number of security events (or all security events) that matches the query. If scroll is set to true, the scroll_id in the response can be used in the scroll API to fetch the next batch of security events until there are no more security events left to return. The...",
|
|
2742
2915
|
"x-f5xc-required-for": {
|
|
2743
2916
|
"minimum_config": false,
|
|
2744
2917
|
"create": false,
|
|
@@ -2754,6 +2927,8 @@
|
|
|
2754
2927
|
"description": "Optional: default is sort by last_event_time.",
|
|
2755
2928
|
"title": "Sort by",
|
|
2756
2929
|
"x-displayname": "Sort By",
|
|
2930
|
+
"x-f5xc-example": "{\"key\": \"value\"}",
|
|
2931
|
+
"x-f5xc-description-short": "Optional: default is sort by last_event_time.",
|
|
2757
2932
|
"minLength": 0,
|
|
2758
2933
|
"maxLength": 1024,
|
|
2759
2934
|
"x-f5xc-required-for": {
|
|
@@ -2776,6 +2951,8 @@
|
|
|
2776
2951
|
"x-validation-rules": {
|
|
2777
2952
|
"ves.io.schema.rules.string.query_time": "true"
|
|
2778
2953
|
},
|
|
2954
|
+
"x-f5xc-description-short": "Fetch security events whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be...",
|
|
2955
|
+
"x-f5xc-description-medium": "Fetch security events whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
|
|
2779
2956
|
"minLength": 0,
|
|
2780
2957
|
"maxLength": 1024,
|
|
2781
2958
|
"x-f5xc-required-for": {
|
|
@@ -2818,6 +2995,8 @@
|
|
|
2818
2995
|
"description": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.",
|
|
2819
2996
|
"title": "Aggregations.",
|
|
2820
2997
|
"x-displayname": "Aggregations.",
|
|
2998
|
+
"x-f5xc-description-short": "Aggregations provide summary/analytics data over the security events response.",
|
|
2999
|
+
"x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.",
|
|
2821
3000
|
"x-f5xc-required-for": {
|
|
2822
3001
|
"minimum_config": false,
|
|
2823
3002
|
"create": false,
|
|
@@ -2835,6 +3014,7 @@
|
|
|
2835
3014
|
"x-displayname": "Events",
|
|
2836
3015
|
"x-ves-example": "Value",
|
|
2837
3016
|
"x-f5xc-example": "value",
|
|
3017
|
+
"x-f5xc-description-short": "List of security events that matched the query. Contains no more than 500 messages.",
|
|
2838
3018
|
"x-f5xc-required-for": {
|
|
2839
3019
|
"minimum_config": false,
|
|
2840
3020
|
"create": false,
|
|
@@ -2849,6 +3029,8 @@
|
|
|
2849
3029
|
"x-displayname": "Scroll ID",
|
|
2850
3030
|
"x-ves-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==.",
|
|
2851
3031
|
"x-f5xc-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==",
|
|
3032
|
+
"x-f5xc-description-short": "Long Base-64 encoded string which can be used to retrieve the next batch of security events using the scroll request.",
|
|
3033
|
+
"x-f5xc-description-medium": "Long Base-64 encoded string which can be used to retrieve the next batch of security events using the scroll request. Empty scroll_id indicates no more messages to scroll (EOF).",
|
|
2852
3034
|
"minLength": 0,
|
|
2853
3035
|
"maxLength": 1024,
|
|
2854
3036
|
"x-f5xc-required-for": {
|
|
@@ -2867,6 +3049,7 @@
|
|
|
2867
3049
|
"x-displayname": "Total Hits.",
|
|
2868
3050
|
"x-ves-example": "0",
|
|
2869
3051
|
"x-f5xc-example": "0",
|
|
3052
|
+
"x-f5xc-description-short": "Total number of security events that matched the query.",
|
|
2870
3053
|
"minLength": 0,
|
|
2871
3054
|
"maxLength": 1024,
|
|
2872
3055
|
"x-f5xc-required-for": {
|
|
@@ -2877,6 +3060,7 @@
|
|
|
2877
3060
|
}
|
|
2878
3061
|
}
|
|
2879
3062
|
},
|
|
3063
|
+
"x-f5xc-description-short": "Response message for SecurityEventsRequest/SecurityEventsScrollRequest.",
|
|
2880
3064
|
"x-f5xc-minimum-configuration": {
|
|
2881
3065
|
"description": "Minimum configuration for app_securitySecurityEventsResponse",
|
|
2882
3066
|
"required_fields": [
|
|
@@ -2906,6 +3090,7 @@
|
|
|
2906
3090
|
"x-displayname": "Namespace",
|
|
2907
3091
|
"x-ves-example": "Bloggin-app-namespace-1.",
|
|
2908
3092
|
"x-f5xc-example": "bloggin-app-namespace-1",
|
|
3093
|
+
"x-f5xc-description-short": "Fetch the WAF security events scoped by namespace.",
|
|
2909
3094
|
"minLength": 0,
|
|
2910
3095
|
"maxLength": 6,
|
|
2911
3096
|
"x-f5xc-required-for": {
|
|
@@ -2916,7 +3101,7 @@
|
|
|
2916
3101
|
},
|
|
2917
3102
|
"x-original-maxLength": 1024,
|
|
2918
3103
|
"x-reconciled-from-discovery": true,
|
|
2919
|
-
"x-reconciled-at": "2026-01-
|
|
3104
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793090+00:00"
|
|
2920
3105
|
},
|
|
2921
3106
|
"scroll_id": {
|
|
2922
3107
|
"type": "string",
|
|
@@ -2925,6 +3110,7 @@
|
|
|
2925
3110
|
"x-displayname": "Scroll ID",
|
|
2926
3111
|
"x-ves-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==.",
|
|
2927
3112
|
"x-f5xc-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==",
|
|
3113
|
+
"x-f5xc-description-short": "Long Base-64 encoded string which can be used to retrieve next batch of security events.",
|
|
2928
3114
|
"minLength": 0,
|
|
2929
3115
|
"maxLength": 1024,
|
|
2930
3116
|
"x-f5xc-required-for": {
|
|
@@ -2936,6 +3122,8 @@
|
|
|
2936
3122
|
"x-field-mutability": "read-only"
|
|
2937
3123
|
}
|
|
2938
3124
|
},
|
|
3125
|
+
"x-f5xc-description-short": "Scroll request is used to fetch large number of security events in multiple batches with each SecurityEventsResponse containing no more than 500...",
|
|
3126
|
+
"x-f5xc-description-medium": "Scroll request is used to fetch large number of security events in multiple batches with each SecurityEventsResponse containing no more than 500 messages. To scroll through more than 500 or all WAF security events, one can use the SecurityEventScrollRequest. Use the scroll_id returned in the...",
|
|
2939
3127
|
"x-f5xc-minimum-configuration": {
|
|
2940
3128
|
"description": "Minimum configuration for app_securitySecurityEventsScrollRequest",
|
|
2941
3129
|
"required_fields": [
|
|
@@ -2961,6 +3149,8 @@
|
|
|
2961
3149
|
"description": "Aggregations provide summary/analytics data over security incidents response. If the number of security incidents\nthat matched the query is large and cannot be returned in a single response message, user can GET helpful\ninsights/summary using aggregations. The aggregations are key'ed by user-defined aggregation name.\nThe response will be key'ed with the same name.\nOptional.",
|
|
2962
3150
|
"title": "Aggregations.",
|
|
2963
3151
|
"x-displayname": "Aggregations.",
|
|
3152
|
+
"x-f5xc-description-short": "Aggregations provide summary/analytics data over security incidents response.",
|
|
3153
|
+
"x-f5xc-description-medium": "Aggregations provide summary/analytics data over security incidents response. If the number of security incidents that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key'ed by...",
|
|
2964
3154
|
"x-f5xc-required-for": {
|
|
2965
3155
|
"minimum_config": false,
|
|
2966
3156
|
"create": false,
|
|
@@ -2981,6 +3171,8 @@
|
|
|
2981
3171
|
"x-validation-rules": {
|
|
2982
3172
|
"ves.io.schema.rules.string.query_time": "true"
|
|
2983
3173
|
},
|
|
3174
|
+
"x-f5xc-description-short": "Fetch security incidents whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be...",
|
|
3175
|
+
"x-f5xc-description-medium": "Fetch security incidents whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
|
|
2984
3176
|
"minLength": 0,
|
|
2985
3177
|
"maxLength": 1024,
|
|
2986
3178
|
"x-f5xc-required-for": {
|
|
@@ -2997,6 +3189,7 @@
|
|
|
2997
3189
|
"x-displayname": "Namespace",
|
|
2998
3190
|
"x-ves-example": "Bloggin-app-namespace-1.",
|
|
2999
3191
|
"x-f5xc-example": "bloggin-app-namespace-1",
|
|
3192
|
+
"x-f5xc-description-short": "Fetch security incidents for a given namespace.",
|
|
3000
3193
|
"minLength": 0,
|
|
3001
3194
|
"maxLength": 6,
|
|
3002
3195
|
"x-f5xc-required-for": {
|
|
@@ -3007,7 +3200,7 @@
|
|
|
3007
3200
|
},
|
|
3008
3201
|
"x-original-maxLength": 1024,
|
|
3009
3202
|
"x-reconciled-from-discovery": true,
|
|
3010
|
-
"x-reconciled-at": "2026-01-
|
|
3203
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793099+00:00"
|
|
3011
3204
|
},
|
|
3012
3205
|
"query": {
|
|
3013
3206
|
"type": "string",
|
|
@@ -3016,6 +3209,8 @@
|
|
|
3016
3209
|
"x-displayname": "Query",
|
|
3017
3210
|
"x-ves-example": "Query={app_type=\"blogging_app\"}",
|
|
3018
3211
|
"x-f5xc-example": "\"query={app_type=\"blogging_app\"}\"",
|
|
3212
|
+
"x-f5xc-description-short": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> :=...",
|
|
3213
|
+
"x-f5xc-description-medium": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> := string One or more of these fields in the security event may be specified in the query. Vh_name - name of the virtual host src_site - source site city ...",
|
|
3019
3214
|
"minLength": 0,
|
|
3020
3215
|
"maxLength": 1024,
|
|
3021
3216
|
"x-f5xc-required-for": {
|
|
@@ -3038,6 +3233,8 @@
|
|
|
3038
3233
|
"x-validation-rules": {
|
|
3039
3234
|
"ves.io.schema.rules.string.query_time": "true"
|
|
3040
3235
|
},
|
|
3236
|
+
"x-f5xc-description-short": "Fetch security incidents whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be...",
|
|
3237
|
+
"x-f5xc-description-medium": "Fetch security incidents whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
|
|
3041
3238
|
"minLength": 0,
|
|
3042
3239
|
"maxLength": 1024,
|
|
3043
3240
|
"x-f5xc-required-for": {
|
|
@@ -3048,6 +3245,7 @@
|
|
|
3048
3245
|
}
|
|
3049
3246
|
}
|
|
3050
3247
|
},
|
|
3248
|
+
"x-f5xc-description-short": "Request to GET only aggregation data for security incidents.",
|
|
3051
3249
|
"x-f5xc-minimum-configuration": {
|
|
3052
3250
|
"description": "Minimum configuration for app_securitySecurityIncidentsAggregationRequest",
|
|
3053
3251
|
"required_fields": [
|
|
@@ -3076,6 +3274,8 @@
|
|
|
3076
3274
|
"description": "Aggregations provide summary/analytics data over the security incidents response. If the number of security incidents\nthat matched the query is large and cannot be returned in a single response message, user can GET helpful\ninsights/summary using aggregations. The aggregation data is key'ed with the aggregation name specified in the request.",
|
|
3077
3275
|
"title": "Aggregations.",
|
|
3078
3276
|
"x-displayname": "Aggregations.",
|
|
3277
|
+
"x-f5xc-description-short": "Aggregations provide summary/analytics data over the security incidents response.",
|
|
3278
|
+
"x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security incidents response. If the number of security incidents that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregation data is key'ed with...",
|
|
3079
3279
|
"x-f5xc-required-for": {
|
|
3080
3280
|
"minimum_config": false,
|
|
3081
3281
|
"create": false,
|
|
@@ -3091,6 +3291,7 @@
|
|
|
3091
3291
|
"x-displayname": "Total Hits.",
|
|
3092
3292
|
"x-ves-example": "0",
|
|
3093
3293
|
"x-f5xc-example": "0",
|
|
3294
|
+
"x-f5xc-description-short": "Total number of security incidents that matched the query.",
|
|
3094
3295
|
"minLength": 0,
|
|
3095
3296
|
"maxLength": 1024,
|
|
3096
3297
|
"x-f5xc-required-for": {
|
|
@@ -3101,6 +3302,7 @@
|
|
|
3101
3302
|
}
|
|
3102
3303
|
}
|
|
3103
3304
|
},
|
|
3305
|
+
"x-f5xc-description-short": "Response message for SecurityIncidentsAggregationRequest.",
|
|
3104
3306
|
"x-f5xc-minimum-configuration": {
|
|
3105
3307
|
"description": "Minimum configuration for app_securitySecurityIncidentsAggregationResponse",
|
|
3106
3308
|
"required_fields": [
|
|
@@ -3126,6 +3328,8 @@
|
|
|
3126
3328
|
"description": "Aggregations provide summary/analytics data over the security incidents response. If the number of security incidents\nthat matched the query is large and cannot be returned in a single response message, user can GET helpful\ninsights/summary using aggregations. The aggregations are key'ed by user-defined aggregation name. The response\nwill be key'ed with the same name.\nOptional.",
|
|
3127
3329
|
"title": "Aggregations.",
|
|
3128
3330
|
"x-displayname": "Aggregations.",
|
|
3331
|
+
"x-f5xc-description-short": "Aggregations provide summary/analytics data over the security incidents response.",
|
|
3332
|
+
"x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security incidents response. If the number of security incidents that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key'ed by...",
|
|
3129
3333
|
"x-f5xc-required-for": {
|
|
3130
3334
|
"minimum_config": false,
|
|
3131
3335
|
"create": false,
|
|
@@ -3146,6 +3350,8 @@
|
|
|
3146
3350
|
"x-validation-rules": {
|
|
3147
3351
|
"ves.io.schema.rules.string.query_time": "true"
|
|
3148
3352
|
},
|
|
3353
|
+
"x-f5xc-description-short": "Fetch security incidents whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be...",
|
|
3354
|
+
"x-f5xc-description-medium": "Fetch security incidents whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
|
|
3149
3355
|
"minLength": 0,
|
|
3150
3356
|
"maxLength": 1024,
|
|
3151
3357
|
"x-f5xc-required-for": {
|
|
@@ -3163,6 +3369,8 @@
|
|
|
3163
3369
|
"x-displayname": "Limit",
|
|
3164
3370
|
"x-ves-example": "100",
|
|
3165
3371
|
"x-f5xc-example": "100",
|
|
3372
|
+
"x-f5xc-description-short": "Limits the number of security incidents returned in the response Optional: If not specified, first or last 500 security events that matches the...",
|
|
3373
|
+
"x-f5xc-description-medium": "Limits the number of security incidents returned in the response Optional: If not specified, first or last 500 security events that matches the query (depending on the sort order) will be returned in the response. The maximum value for limit is 500.",
|
|
3166
3374
|
"minimum": 0,
|
|
3167
3375
|
"maximum": 2147483647,
|
|
3168
3376
|
"x-f5xc-required-for": {
|
|
@@ -3179,6 +3387,7 @@
|
|
|
3179
3387
|
"x-displayname": "Namespace",
|
|
3180
3388
|
"x-ves-example": "Bloggin-app-namespace-1.",
|
|
3181
3389
|
"x-f5xc-example": "bloggin-app-namespace-1",
|
|
3390
|
+
"x-f5xc-description-short": "Fetch security incidents for a given namespace.",
|
|
3182
3391
|
"minLength": 0,
|
|
3183
3392
|
"maxLength": 6,
|
|
3184
3393
|
"x-f5xc-required-for": {
|
|
@@ -3189,7 +3398,7 @@
|
|
|
3189
3398
|
},
|
|
3190
3399
|
"x-original-maxLength": 1024,
|
|
3191
3400
|
"x-reconciled-from-discovery": true,
|
|
3192
|
-
"x-reconciled-at": "2026-01-
|
|
3401
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793114+00:00"
|
|
3193
3402
|
},
|
|
3194
3403
|
"query": {
|
|
3195
3404
|
"type": "string",
|
|
@@ -3198,6 +3407,8 @@
|
|
|
3198
3407
|
"x-displayname": "Query",
|
|
3199
3408
|
"x-ves-example": "Query={app_type=\"blogging_app\"}",
|
|
3200
3409
|
"x-f5xc-example": "\"query={app_type=\"blogging_app\"}\"",
|
|
3410
|
+
"x-f5xc-description-short": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> :=...",
|
|
3411
|
+
"x-f5xc-description-medium": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> := string One or more of these fields in the security incident may be specified in the query. Vh_name - name of the virtual host src_site - source site city ...",
|
|
3201
3412
|
"minLength": 0,
|
|
3202
3413
|
"maxLength": 1024,
|
|
3203
3414
|
"x-f5xc-required-for": {
|
|
@@ -3215,6 +3426,8 @@
|
|
|
3215
3426
|
"x-displayname": "Scroll",
|
|
3216
3427
|
"x-ves-example": "True",
|
|
3217
3428
|
"x-f5xc-example": "true",
|
|
3429
|
+
"x-f5xc-description-short": "Scroll is used to retrieve large number of security incidents (or all security incidents) that matches the query.",
|
|
3430
|
+
"x-f5xc-description-medium": "Scroll is used to retrieve large number of security incidents (or all security incidents) that matches the query. If scroll is set to true, the scroll_id in the response can be used in the scroll API to fetch the next batch of security events until there are no more security events left to...",
|
|
3218
3431
|
"x-f5xc-required-for": {
|
|
3219
3432
|
"minimum_config": false,
|
|
3220
3433
|
"create": false,
|
|
@@ -3230,6 +3443,8 @@
|
|
|
3230
3443
|
"description": "Optional: default is sort by last_event_time.",
|
|
3231
3444
|
"title": "Sort by",
|
|
3232
3445
|
"x-displayname": "Sort By",
|
|
3446
|
+
"x-f5xc-example": "{\"key\": \"value\"}",
|
|
3447
|
+
"x-f5xc-description-short": "Optional: default is sort by last_event_time.",
|
|
3233
3448
|
"minLength": 0,
|
|
3234
3449
|
"maxLength": 1024,
|
|
3235
3450
|
"x-f5xc-required-for": {
|
|
@@ -3252,6 +3467,8 @@
|
|
|
3252
3467
|
"x-validation-rules": {
|
|
3253
3468
|
"ves.io.schema.rules.string.query_time": "true"
|
|
3254
3469
|
},
|
|
3470
|
+
"x-f5xc-description-short": "Fetch security incidents whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be...",
|
|
3471
|
+
"x-f5xc-description-medium": "Fetch security incidents whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
|
|
3255
3472
|
"minLength": 0,
|
|
3256
3473
|
"maxLength": 1024,
|
|
3257
3474
|
"x-f5xc-required-for": {
|
|
@@ -3294,6 +3511,8 @@
|
|
|
3294
3511
|
"description": "Aggregations provide summary/analytics data over the security incidents response. If the number of security incidents\nthat matched the query is large and cannot be returned in a single response message, user can GET helpful\ninsights/summary using aggregations.",
|
|
3295
3512
|
"title": "Aggregations.",
|
|
3296
3513
|
"x-displayname": "Aggregations.",
|
|
3514
|
+
"x-f5xc-description-short": "Aggregations provide summary/analytics data over the security incidents response.",
|
|
3515
|
+
"x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security incidents response. If the number of security incidents that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.",
|
|
3297
3516
|
"x-f5xc-required-for": {
|
|
3298
3517
|
"minimum_config": false,
|
|
3299
3518
|
"create": false,
|
|
@@ -3311,6 +3530,7 @@
|
|
|
3311
3530
|
"x-displayname": "Incidents",
|
|
3312
3531
|
"x-ves-example": "Value",
|
|
3313
3532
|
"x-f5xc-example": "value",
|
|
3533
|
+
"x-f5xc-description-short": "List of security incidents that matched the query. Contains no more than 500 messages.",
|
|
3314
3534
|
"x-f5xc-required-for": {
|
|
3315
3535
|
"minimum_config": false,
|
|
3316
3536
|
"create": false,
|
|
@@ -3325,6 +3545,8 @@
|
|
|
3325
3545
|
"x-displayname": "Scroll ID",
|
|
3326
3546
|
"x-ves-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==.",
|
|
3327
3547
|
"x-f5xc-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==",
|
|
3548
|
+
"x-f5xc-description-short": "Long Base-64 encoded string which can be used to retrieve the next batch of security incidents using the scroll request.",
|
|
3549
|
+
"x-f5xc-description-medium": "Long Base-64 encoded string which can be used to retrieve the next batch of security incidents using the scroll request. Empty scroll_id indicates no more messages to scroll (EOF).",
|
|
3328
3550
|
"minLength": 0,
|
|
3329
3551
|
"maxLength": 1024,
|
|
3330
3552
|
"x-f5xc-required-for": {
|
|
@@ -3343,6 +3565,7 @@
|
|
|
3343
3565
|
"x-displayname": "Total Hits.",
|
|
3344
3566
|
"x-ves-example": "0",
|
|
3345
3567
|
"x-f5xc-example": "0",
|
|
3568
|
+
"x-f5xc-description-short": "Total number of security events that matched the query.",
|
|
3346
3569
|
"minLength": 0,
|
|
3347
3570
|
"maxLength": 1024,
|
|
3348
3571
|
"x-f5xc-required-for": {
|
|
@@ -3353,6 +3576,7 @@
|
|
|
3353
3576
|
}
|
|
3354
3577
|
}
|
|
3355
3578
|
},
|
|
3579
|
+
"x-f5xc-description-short": "Response message for SecurityIncidentsRequest/SecurityIncidentsScrollRequest.",
|
|
3356
3580
|
"x-f5xc-minimum-configuration": {
|
|
3357
3581
|
"description": "Minimum configuration for app_securitySecurityIncidentsResponse",
|
|
3358
3582
|
"required_fields": [
|
|
@@ -3382,6 +3606,7 @@
|
|
|
3382
3606
|
"x-displayname": "Namespace",
|
|
3383
3607
|
"x-ves-example": "Bloggin-app-namespace-1.",
|
|
3384
3608
|
"x-f5xc-example": "bloggin-app-namespace-1",
|
|
3609
|
+
"x-f5xc-description-short": "Fetch security incidents for a given namespace.",
|
|
3385
3610
|
"minLength": 0,
|
|
3386
3611
|
"maxLength": 6,
|
|
3387
3612
|
"x-f5xc-required-for": {
|
|
@@ -3392,7 +3617,7 @@
|
|
|
3392
3617
|
},
|
|
3393
3618
|
"x-original-maxLength": 1024,
|
|
3394
3619
|
"x-reconciled-from-discovery": true,
|
|
3395
|
-
"x-reconciled-at": "2026-01-
|
|
3620
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793132+00:00"
|
|
3396
3621
|
},
|
|
3397
3622
|
"scroll_id": {
|
|
3398
3623
|
"type": "string",
|
|
@@ -3401,6 +3626,7 @@
|
|
|
3401
3626
|
"x-displayname": "Scroll ID",
|
|
3402
3627
|
"x-ves-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==.",
|
|
3403
3628
|
"x-f5xc-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==",
|
|
3629
|
+
"x-f5xc-description-short": "Long Base-64 encoded string which can be used to retrieve next batch of security events.",
|
|
3404
3630
|
"minLength": 0,
|
|
3405
3631
|
"maxLength": 1024,
|
|
3406
3632
|
"x-f5xc-required-for": {
|
|
@@ -3412,6 +3638,8 @@
|
|
|
3412
3638
|
"x-field-mutability": "read-only"
|
|
3413
3639
|
}
|
|
3414
3640
|
},
|
|
3641
|
+
"x-f5xc-description-short": "Scroll request is used to fetch large number of security incidents in multiple batches with each SecurityIncidentsResponse containing no more than...",
|
|
3642
|
+
"x-f5xc-description-medium": "Scroll request is used to fetch large number of security incidents in multiple batches with each SecurityIncidentsResponse containing no more than 500 messages. To scroll through more than 500 or all security incidents, one can use the SecurityIncidentsScrollRequest. Use the scroll_id returned...",
|
|
3415
3643
|
"x-f5xc-minimum-configuration": {
|
|
3416
3644
|
"description": "Minimum configuration for app_securitySecurityIncidentsScrollRequest",
|
|
3417
3645
|
"required_fields": [
|
|
@@ -3437,6 +3665,8 @@
|
|
|
3437
3665
|
"description": "Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.\nThe aggregations are key'ed by user-defined aggregation name. The response will be key'ed with the same name.\nOptional.",
|
|
3438
3666
|
"title": "Aggregations.",
|
|
3439
3667
|
"x-displayname": "Aggregations.",
|
|
3668
|
+
"x-f5xc-description-short": "Aggregations provide summary/analytics data over the suspicious user logs response.",
|
|
3669
|
+
"x-f5xc-description-medium": "Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key'ed by user-defined...",
|
|
3440
3670
|
"x-f5xc-required-for": {
|
|
3441
3671
|
"minimum_config": false,
|
|
3442
3672
|
"create": false,
|
|
@@ -3457,6 +3687,8 @@
|
|
|
3457
3687
|
"x-validation-rules": {
|
|
3458
3688
|
"ves.io.schema.rules.string.query_time": "true"
|
|
3459
3689
|
},
|
|
3690
|
+
"x-f5xc-description-short": "Fetch suspicious user logs whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be...",
|
|
3691
|
+
"x-f5xc-description-medium": "Fetch suspicious user logs whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
|
|
3460
3692
|
"minLength": 0,
|
|
3461
3693
|
"maxLength": 1024,
|
|
3462
3694
|
"x-f5xc-required-for": {
|
|
@@ -3473,6 +3705,7 @@
|
|
|
3473
3705
|
"x-displayname": "Namespace",
|
|
3474
3706
|
"x-ves-example": "Bloggin-app-namespace-1.",
|
|
3475
3707
|
"x-f5xc-example": "bloggin-app-namespace-1",
|
|
3708
|
+
"x-f5xc-description-short": "Fetch suspicious user logs for a given namespace.",
|
|
3476
3709
|
"minLength": 0,
|
|
3477
3710
|
"maxLength": 6,
|
|
3478
3711
|
"x-f5xc-required-for": {
|
|
@@ -3483,7 +3716,7 @@
|
|
|
3483
3716
|
},
|
|
3484
3717
|
"x-original-maxLength": 1024,
|
|
3485
3718
|
"x-reconciled-from-discovery": true,
|
|
3486
|
-
"x-reconciled-at": "2026-01-
|
|
3719
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793140+00:00"
|
|
3487
3720
|
},
|
|
3488
3721
|
"query": {
|
|
3489
3722
|
"type": "string",
|
|
@@ -3492,6 +3725,8 @@
|
|
|
3492
3725
|
"x-displayname": "Query",
|
|
3493
3726
|
"x-ves-example": "Query={vh_name=\"vh-1\", site=\"CE-01\"}",
|
|
3494
3727
|
"x-f5xc-example": "\"query={vh_name=\"vh-1\", site=\"ce-01\"}\"",
|
|
3728
|
+
"x-f5xc-description-short": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> :=...",
|
|
3729
|
+
"x-f5xc-description-medium": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> := string One or more of these fields in the suspicious user logs may be specified in the query. Vh_name - name of the virtual host user - user ID site ...",
|
|
3495
3730
|
"minLength": 0,
|
|
3496
3731
|
"maxLength": 1024,
|
|
3497
3732
|
"x-f5xc-required-for": {
|
|
@@ -3514,6 +3749,8 @@
|
|
|
3514
3749
|
"x-validation-rules": {
|
|
3515
3750
|
"ves.io.schema.rules.string.query_time": "true"
|
|
3516
3751
|
},
|
|
3752
|
+
"x-f5xc-description-short": "Fetch suspicious user logs whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be...",
|
|
3753
|
+
"x-f5xc-description-medium": "Fetch suspicious user logs whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
|
|
3517
3754
|
"minLength": 0,
|
|
3518
3755
|
"maxLength": 1024,
|
|
3519
3756
|
"x-f5xc-required-for": {
|
|
@@ -3524,6 +3761,7 @@
|
|
|
3524
3761
|
}
|
|
3525
3762
|
}
|
|
3526
3763
|
},
|
|
3764
|
+
"x-f5xc-description-short": "Request to GET only aggregation data for suspicious user logs.",
|
|
3527
3765
|
"x-f5xc-minimum-configuration": {
|
|
3528
3766
|
"description": "Minimum configuration for app_securitySuspiciousUserLogsAggregationRequest",
|
|
3529
3767
|
"required_fields": [
|
|
@@ -3552,6 +3790,8 @@
|
|
|
3552
3790
|
"description": "Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.\nThe aggregation data is key'ed with the aggregation name specified in the request.",
|
|
3553
3791
|
"title": "Aggregations.",
|
|
3554
3792
|
"x-displayname": "Aggregations.",
|
|
3793
|
+
"x-f5xc-description-short": "Aggregations provide summary/analytics data over the suspicious user logs response.",
|
|
3794
|
+
"x-f5xc-description-medium": "Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregation data is key'ed with the...",
|
|
3555
3795
|
"x-f5xc-required-for": {
|
|
3556
3796
|
"minimum_config": false,
|
|
3557
3797
|
"create": false,
|
|
@@ -3567,6 +3807,7 @@
|
|
|
3567
3807
|
"x-displayname": "Total Hits.",
|
|
3568
3808
|
"x-ves-example": "1400",
|
|
3569
3809
|
"x-f5xc-example": "1400",
|
|
3810
|
+
"x-f5xc-description-short": "Total number of suspicious user logs that matched the query.",
|
|
3570
3811
|
"minLength": 0,
|
|
3571
3812
|
"maxLength": 1024,
|
|
3572
3813
|
"x-f5xc-required-for": {
|
|
@@ -3577,6 +3818,7 @@
|
|
|
3577
3818
|
}
|
|
3578
3819
|
}
|
|
3579
3820
|
},
|
|
3821
|
+
"x-f5xc-description-short": "Response message for SuspiciousUserLogsAggregationRequest.",
|
|
3580
3822
|
"x-f5xc-minimum-configuration": {
|
|
3581
3823
|
"description": "Minimum configuration for app_securitySuspiciousUserLogsAggregationResponse",
|
|
3582
3824
|
"required_fields": [
|
|
@@ -3602,6 +3844,8 @@
|
|
|
3602
3844
|
"description": "Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.\nThe aggregations are key'ed by user-defined aggregation name. The response will be key'ed with the same name.\nOptional.",
|
|
3603
3845
|
"title": "Aggregations.",
|
|
3604
3846
|
"x-displayname": "Aggregations.",
|
|
3847
|
+
"x-f5xc-description-short": "Aggregations provide summary/analytics data over the suspicious user logs response.",
|
|
3848
|
+
"x-f5xc-description-medium": "Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key'ed by user-defined...",
|
|
3605
3849
|
"x-f5xc-required-for": {
|
|
3606
3850
|
"minimum_config": false,
|
|
3607
3851
|
"create": false,
|
|
@@ -3622,6 +3866,8 @@
|
|
|
3622
3866
|
"x-validation-rules": {
|
|
3623
3867
|
"ves.io.schema.rules.string.query_time": "true"
|
|
3624
3868
|
},
|
|
3869
|
+
"x-f5xc-description-short": "Fetch suspicious user logs whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be...",
|
|
3870
|
+
"x-f5xc-description-medium": "Fetch suspicious user logs whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
|
|
3625
3871
|
"minLength": 0,
|
|
3626
3872
|
"maxLength": 1024,
|
|
3627
3873
|
"x-f5xc-required-for": {
|
|
@@ -3639,6 +3885,8 @@
|
|
|
3639
3885
|
"x-displayname": "Limit",
|
|
3640
3886
|
"x-ves-example": "100",
|
|
3641
3887
|
"x-f5xc-example": "100",
|
|
3888
|
+
"x-f5xc-description-short": "Limits the number of logs returned in the response Optional: If not specified, first or last 500 logs that matches the query (depending on the...",
|
|
3889
|
+
"x-f5xc-description-medium": "Limits the number of logs returned in the response Optional: If not specified, first or last 500 logs that matches the query (depending on the sort order) will be returned in the response. The maximum value for limit is 500.",
|
|
3642
3890
|
"minimum": 0,
|
|
3643
3891
|
"maximum": 2147483647,
|
|
3644
3892
|
"x-f5xc-required-for": {
|
|
@@ -3655,6 +3903,7 @@
|
|
|
3655
3903
|
"x-displayname": "Namespace",
|
|
3656
3904
|
"x-ves-example": "Bloggin-app-namespace-1.",
|
|
3657
3905
|
"x-f5xc-example": "bloggin-app-namespace-1",
|
|
3906
|
+
"x-f5xc-description-short": "Fetch suspicious user logs for a given namespace.",
|
|
3658
3907
|
"minLength": 0,
|
|
3659
3908
|
"maxLength": 6,
|
|
3660
3909
|
"x-f5xc-required-for": {
|
|
@@ -3665,7 +3914,7 @@
|
|
|
3665
3914
|
},
|
|
3666
3915
|
"x-original-maxLength": 1024,
|
|
3667
3916
|
"x-reconciled-from-discovery": true,
|
|
3668
|
-
"x-reconciled-at": "2026-01-
|
|
3917
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793156+00:00"
|
|
3669
3918
|
},
|
|
3670
3919
|
"query": {
|
|
3671
3920
|
"type": "string",
|
|
@@ -3674,6 +3923,8 @@
|
|
|
3674
3923
|
"x-displayname": "Query",
|
|
3675
3924
|
"x-ves-example": "Query={vh_name=\"vh-1\", site=\"CE-01\"}",
|
|
3676
3925
|
"x-f5xc-example": "\"query={vh_name=\"vh-1\", site=\"ce-01\"}\"",
|
|
3926
|
+
"x-f5xc-description-short": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> :=...",
|
|
3927
|
+
"x-f5xc-description-medium": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> := string One or more of these fields in the suspicious user logs may be specified in the query. Vh_name - name of the virtual host user - user ID site ...",
|
|
3677
3928
|
"minLength": 0,
|
|
3678
3929
|
"maxLength": 1024,
|
|
3679
3930
|
"x-f5xc-required-for": {
|
|
@@ -3691,6 +3942,8 @@
|
|
|
3691
3942
|
"x-displayname": "Scroll",
|
|
3692
3943
|
"x-ves-example": "True",
|
|
3693
3944
|
"x-f5xc-example": "true",
|
|
3945
|
+
"x-f5xc-description-short": "Scroll is used to retrieve large number of logs (or all logs) that matches the query.",
|
|
3946
|
+
"x-f5xc-description-medium": "Scroll is used to retrieve large number of logs (or all logs) that matches the query. If scroll is set to true, the scroll_id in the response can be used in the scroll API to fetch the next batch of logs until there are no logs left to return. The number of logs in each batch is determined by...",
|
|
3694
3947
|
"x-f5xc-required-for": {
|
|
3695
3948
|
"minimum_config": false,
|
|
3696
3949
|
"create": false,
|
|
@@ -3706,6 +3959,8 @@
|
|
|
3706
3959
|
"description": "Optional: default is sort by last_event_time.",
|
|
3707
3960
|
"title": "Sort by",
|
|
3708
3961
|
"x-displayname": "Sort By",
|
|
3962
|
+
"x-f5xc-example": "{\"key\": \"value\"}",
|
|
3963
|
+
"x-f5xc-description-short": "Optional: default is sort by last_event_time.",
|
|
3709
3964
|
"minLength": 0,
|
|
3710
3965
|
"maxLength": 1024,
|
|
3711
3966
|
"x-f5xc-required-for": {
|
|
@@ -3728,6 +3983,8 @@
|
|
|
3728
3983
|
"x-validation-rules": {
|
|
3729
3984
|
"ves.io.schema.rules.string.query_time": "true"
|
|
3730
3985
|
},
|
|
3986
|
+
"x-f5xc-description-short": "Fetch suspicious user logs whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be...",
|
|
3987
|
+
"x-f5xc-description-medium": "Fetch suspicious user logs whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
|
|
3731
3988
|
"minLength": 0,
|
|
3732
3989
|
"maxLength": 1024,
|
|
3733
3990
|
"x-f5xc-required-for": {
|
|
@@ -3770,6 +4027,8 @@
|
|
|
3770
4027
|
"description": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.",
|
|
3771
4028
|
"title": "Aggregations.",
|
|
3772
4029
|
"x-displayname": "Aggregations.",
|
|
4030
|
+
"x-f5xc-description-short": "Aggregations provide summary/analytics data over the security events response.",
|
|
4031
|
+
"x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.",
|
|
3773
4032
|
"x-f5xc-required-for": {
|
|
3774
4033
|
"minimum_config": false,
|
|
3775
4034
|
"create": false,
|
|
@@ -3787,6 +4046,7 @@
|
|
|
3787
4046
|
"x-displayname": "Events",
|
|
3788
4047
|
"x-ves-example": "Value",
|
|
3789
4048
|
"x-f5xc-example": "value",
|
|
4049
|
+
"x-f5xc-description-short": "List of log messages that matched the query. Contains no more than 500 messages.",
|
|
3790
4050
|
"x-f5xc-required-for": {
|
|
3791
4051
|
"minimum_config": false,
|
|
3792
4052
|
"create": false,
|
|
@@ -3801,6 +4061,8 @@
|
|
|
3801
4061
|
"x-displayname": "Scroll ID",
|
|
3802
4062
|
"x-ves-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==.",
|
|
3803
4063
|
"x-f5xc-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==",
|
|
4064
|
+
"x-f5xc-description-short": "Long Base-64 encoded string which can be used to retrieve the next batch of suspicous user logs using the scroll request.",
|
|
4065
|
+
"x-f5xc-description-medium": "Long Base-64 encoded string which can be used to retrieve the next batch of suspicous user logs using the scroll request. Empty scroll_id indicates no more messages to scroll (EOF).",
|
|
3804
4066
|
"minLength": 0,
|
|
3805
4067
|
"maxLength": 1024,
|
|
3806
4068
|
"x-f5xc-required-for": {
|
|
@@ -3819,6 +4081,7 @@
|
|
|
3819
4081
|
"x-displayname": "Total Hits.",
|
|
3820
4082
|
"x-ves-example": "100",
|
|
3821
4083
|
"x-f5xc-example": "100",
|
|
4084
|
+
"x-f5xc-description-short": "Total number of logs that matched the query.",
|
|
3822
4085
|
"minLength": 0,
|
|
3823
4086
|
"maxLength": 1024,
|
|
3824
4087
|
"x-f5xc-required-for": {
|
|
@@ -3829,6 +4092,7 @@
|
|
|
3829
4092
|
}
|
|
3830
4093
|
}
|
|
3831
4094
|
},
|
|
4095
|
+
"x-f5xc-description-short": "Response message for Suspicious User Logs Request.",
|
|
3832
4096
|
"x-f5xc-minimum-configuration": {
|
|
3833
4097
|
"description": "Minimum configuration for app_securitySuspiciousUserLogsResponse",
|
|
3834
4098
|
"required_fields": [
|
|
@@ -3858,6 +4122,7 @@
|
|
|
3858
4122
|
"x-displayname": "Namespace",
|
|
3859
4123
|
"x-ves-example": "Bloggin-app-namespace-1.",
|
|
3860
4124
|
"x-f5xc-example": "bloggin-app-namespace-1",
|
|
4125
|
+
"x-f5xc-description-short": "Fetch the next batch of suspicious user logs scoped by namespace.",
|
|
3861
4126
|
"minLength": 0,
|
|
3862
4127
|
"maxLength": 6,
|
|
3863
4128
|
"x-f5xc-required-for": {
|
|
@@ -3868,7 +4133,7 @@
|
|
|
3868
4133
|
},
|
|
3869
4134
|
"x-original-maxLength": 1024,
|
|
3870
4135
|
"x-reconciled-from-discovery": true,
|
|
3871
|
-
"x-reconciled-at": "2026-01-
|
|
4136
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793173+00:00"
|
|
3872
4137
|
},
|
|
3873
4138
|
"scroll_id": {
|
|
3874
4139
|
"type": "string",
|
|
@@ -3877,6 +4142,7 @@
|
|
|
3877
4142
|
"x-displayname": "Scroll ID",
|
|
3878
4143
|
"x-ves-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==.",
|
|
3879
4144
|
"x-f5xc-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==",
|
|
4145
|
+
"x-f5xc-description-short": "Long Base-64 encoded string which can be used to retrieve next batch of security events.",
|
|
3880
4146
|
"minLength": 0,
|
|
3881
4147
|
"maxLength": 1024,
|
|
3882
4148
|
"x-f5xc-required-for": {
|
|
@@ -3888,6 +4154,8 @@
|
|
|
3888
4154
|
"x-field-mutability": "read-only"
|
|
3889
4155
|
}
|
|
3890
4156
|
},
|
|
4157
|
+
"x-f5xc-description-short": "Scroll request is used to fetch large number of suspicious user logs in multiple batches with each SuspiciousUserLogsResponse containing no more...",
|
|
4158
|
+
"x-f5xc-description-medium": "Scroll request is used to fetch large number of suspicious user logs in multiple batches with each SuspiciousUserLogsResponse containing no more than 500 messages. To scroll through more than 500 or all messages, one can use the SuspiciousUserLogsScrollRequest. Use the scroll_id returned in the...",
|
|
3891
4159
|
"x-f5xc-minimum-configuration": {
|
|
3892
4160
|
"description": "Minimum configuration for app_securitySuspiciousUserLogsScrollRequest",
|
|
3893
4161
|
"required_fields": [
|
|
@@ -3941,7 +4209,7 @@
|
|
|
3941
4209
|
},
|
|
3942
4210
|
"x-original-maxLength": 1024,
|
|
3943
4211
|
"x-reconciled-from-discovery": true,
|
|
3944
|
-
"x-reconciled-at": "2026-01-
|
|
4212
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793181+00:00"
|
|
3945
4213
|
},
|
|
3946
4214
|
"id": {
|
|
3947
4215
|
"type": "string",
|
|
@@ -3998,6 +4266,7 @@
|
|
|
3998
4266
|
"x-validation-rules": {
|
|
3999
4267
|
"ves.io.schema.rules.message.required": "true"
|
|
4000
4268
|
},
|
|
4269
|
+
"x-f5xc-description-short": "The Threat Campaign last update time Required: YES.",
|
|
4001
4270
|
"minLength": 0,
|
|
4002
4271
|
"maxLength": 1024,
|
|
4003
4272
|
"x-f5xc-required-for": {
|
|
@@ -4024,6 +4293,7 @@
|
|
|
4024
4293
|
"x-validation-rules": {
|
|
4025
4294
|
"ves.io.schema.rules.message.required": "true"
|
|
4026
4295
|
},
|
|
4296
|
+
"x-f5xc-description-short": "The Threat Campaign Malwares Required: YES.",
|
|
4027
4297
|
"x-f5xc-required-for": {
|
|
4028
4298
|
"minimum_config": false,
|
|
4029
4299
|
"create": false,
|
|
@@ -4055,7 +4325,7 @@
|
|
|
4055
4325
|
},
|
|
4056
4326
|
"x-original-maxLength": 1024,
|
|
4057
4327
|
"x-reconciled-from-discovery": true,
|
|
4058
|
-
"x-reconciled-at": "2026-01-
|
|
4328
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793192+00:00"
|
|
4059
4329
|
},
|
|
4060
4330
|
"references": {
|
|
4061
4331
|
"type": "array",
|
|
@@ -4114,6 +4384,7 @@
|
|
|
4114
4384
|
"x-validation-rules": {
|
|
4115
4385
|
"ves.io.schema.rules.message.required": "true"
|
|
4116
4386
|
},
|
|
4387
|
+
"x-f5xc-description-short": "The Threat Campaign Systems Required: YES.",
|
|
4117
4388
|
"x-f5xc-required-for": {
|
|
4118
4389
|
"minimum_config": false,
|
|
4119
4390
|
"create": false,
|
|
@@ -4122,6 +4393,7 @@
|
|
|
4122
4393
|
}
|
|
4123
4394
|
}
|
|
4124
4395
|
},
|
|
4396
|
+
"x-f5xc-description-short": "Threat Campaign object representing the created threat campaign.",
|
|
4125
4397
|
"x-f5xc-minimum-configuration": {
|
|
4126
4398
|
"description": "Minimum configuration for app_securityThreatCampaign",
|
|
4127
4399
|
"required_fields": [
|
|
@@ -4164,6 +4436,8 @@
|
|
|
4164
4436
|
"$ref": "#/components/schemas/app_securityincidentsMultiFieldAggregation"
|
|
4165
4437
|
}
|
|
4166
4438
|
},
|
|
4439
|
+
"x-f5xc-description-short": "X-displayName: \"Aggregation Request\" Aggregation request to provide analytics data over the log response.",
|
|
4440
|
+
"x-f5xc-description-medium": "X-displayName: \"Aggregation Request\" Aggregation request to provide analytics data over the log response.",
|
|
4167
4441
|
"x-f5xc-minimum-configuration": {
|
|
4168
4442
|
"description": "Minimum configuration for app_securityincidentsAggregationRequest",
|
|
4169
4443
|
"required_fields": [
|
|
@@ -4189,6 +4463,8 @@
|
|
|
4189
4463
|
"$ref": "#/components/schemas/app_securityincidentsKeyField"
|
|
4190
4464
|
}
|
|
4191
4465
|
},
|
|
4466
|
+
"x-f5xc-description-short": "X-displayName: \"Cardinality Aggregation\" GET approximate count of distinct values for the field in the incident.",
|
|
4467
|
+
"x-f5xc-description-medium": "X-displayName: \"Cardinality Aggregation\" GET approximate count of distinct values for the field in the incident.",
|
|
4192
4468
|
"x-f5xc-minimum-configuration": {
|
|
4193
4469
|
"description": "Minimum configuration for app_securityincidentsCardinalityAggregation",
|
|
4194
4470
|
"required_fields": [
|
|
@@ -4211,6 +4487,8 @@
|
|
|
4211
4487
|
"description": "X-displayName: \"Step\"\nx-required\nstep is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response.\nThe timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.\nFormat: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days.",
|
|
4212
4488
|
"title": "Step",
|
|
4213
4489
|
"x-f5xc-example": "5m",
|
|
4490
|
+
"x-f5xc-description-short": "X-displayName: \"Step\" x-required step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in...",
|
|
4491
|
+
"x-f5xc-description-medium": "X-displayName: \"Step\" x-required step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response. The timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.",
|
|
4214
4492
|
"minLength": 0,
|
|
4215
4493
|
"maxLength": 1024,
|
|
4216
4494
|
"x-f5xc-required-for": {
|
|
@@ -4224,6 +4502,7 @@
|
|
|
4224
4502
|
"type": "object",
|
|
4225
4503
|
"description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each date bucket.",
|
|
4226
4504
|
"title": "Sub aggregation.",
|
|
4505
|
+
"x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each date bucket.",
|
|
4227
4506
|
"x-f5xc-required-for": {
|
|
4228
4507
|
"minimum_config": false,
|
|
4229
4508
|
"create": false,
|
|
@@ -4232,6 +4511,7 @@
|
|
|
4232
4511
|
}
|
|
4233
4512
|
}
|
|
4234
4513
|
},
|
|
4514
|
+
"x-f5xc-description-short": "X-displayName: \"Date Aggregation\" Aggregate incidents based on timestamp in the log.",
|
|
4235
4515
|
"x-f5xc-minimum-configuration": {
|
|
4236
4516
|
"description": "Minimum configuration for app_securityincidentsDateAggregation",
|
|
4237
4517
|
"required_fields": [
|
|
@@ -4257,6 +4537,8 @@
|
|
|
4257
4537
|
"$ref": "#/components/schemas/app_securityincidentsMultiFieldAggregation"
|
|
4258
4538
|
}
|
|
4259
4539
|
},
|
|
4540
|
+
"x-f5xc-description-short": "X-displayName: \"Date SubAggregation\" Aggregate security events based on one of the sub aggregation types.",
|
|
4541
|
+
"x-f5xc-description-medium": "X-displayName: \"Date SubAggregation\" Aggregate security events based on one of the sub aggregation types.",
|
|
4260
4542
|
"x-f5xc-minimum-configuration": {
|
|
4261
4543
|
"description": "Minimum configuration for app_securityincidentsDateSubAggregation",
|
|
4262
4544
|
"required_fields": [
|
|
@@ -4285,6 +4567,8 @@
|
|
|
4285
4567
|
"type": "object",
|
|
4286
4568
|
"description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each field aggregation bucket.",
|
|
4287
4569
|
"title": "Sub aggregation.",
|
|
4570
|
+
"x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
|
|
4571
|
+
"x-f5xc-description-medium": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
|
|
4288
4572
|
"x-f5xc-required-for": {
|
|
4289
4573
|
"minimum_config": false,
|
|
4290
4574
|
"create": false,
|
|
@@ -4298,6 +4582,7 @@
|
|
|
4298
4582
|
"title": "Topk",
|
|
4299
4583
|
"format": "int64",
|
|
4300
4584
|
"x-f5xc-example": "10",
|
|
4585
|
+
"x-f5xc-description-short": "X-displayName: \"TopK\" Number of top field values to be returned in the response.",
|
|
4301
4586
|
"minimum": 0,
|
|
4302
4587
|
"maximum": 2147483647,
|
|
4303
4588
|
"x-f5xc-required-for": {
|
|
@@ -4308,6 +4593,8 @@
|
|
|
4308
4593
|
}
|
|
4309
4594
|
}
|
|
4310
4595
|
},
|
|
4596
|
+
"x-f5xc-description-short": "X-displayName: \"Field Aggregation\" Aggregate incidents based on the key fields in the security event.",
|
|
4597
|
+
"x-f5xc-description-medium": "X-displayName: \"Field Aggregation\" Aggregate incidents based on the key fields in the security event.",
|
|
4311
4598
|
"x-f5xc-minimum-configuration": {
|
|
4312
4599
|
"description": "Minimum configuration for app_securityincidentsFieldAggregation",
|
|
4313
4600
|
"required_fields": [
|
|
@@ -4332,6 +4619,8 @@
|
|
|
4332
4619
|
"$ref": "#/components/schemas/app_securityincidentsCardinalityAggregation"
|
|
4333
4620
|
}
|
|
4334
4621
|
},
|
|
4622
|
+
"x-f5xc-description-short": "X-displayName: \"Field SubAggregation\" Aggregate security events in each field bucket based on one of the sub aggregation types.",
|
|
4623
|
+
"x-f5xc-description-medium": "X-displayName: \"Field SubAggregation\" Aggregate security events in each field bucket based on one of the sub aggregation types.",
|
|
4335
4624
|
"x-f5xc-minimum-configuration": {
|
|
4336
4625
|
"description": "Minimum configuration for app_securityincidentsFieldSubAggregation",
|
|
4337
4626
|
"required_fields": [
|
|
@@ -4362,6 +4651,8 @@
|
|
|
4362
4651
|
"INCIDENT_ID"
|
|
4363
4652
|
],
|
|
4364
4653
|
"default": "CITY",
|
|
4654
|
+
"x-f5xc-description-short": "X-displayName: \"Key Field\" Security events can be aggregated based on these fields. - CITY: x-displayName: \"City\" - COUNTRY: x-displayName...",
|
|
4655
|
+
"x-f5xc-description-medium": "X-displayName: \"Key Field\" Security events can be aggregated based on these fields. - CITY: x-displayName: \"City\" - COUNTRY: x-displayName: \"Country\" - ASN: x-displayName: \"ASN\" - INCIDENT_TYPE: x-displayName: \"Incident Type\" - INTENT: x-displayName: \"Intent\" - VH_NAME: x-displayName: \"Virtual...",
|
|
4365
4656
|
"x-f5xc-minimum-configuration": {
|
|
4366
4657
|
"description": "Minimum configuration for app_securityincidentsKeyField",
|
|
4367
4658
|
"required_fields": [],
|
|
@@ -4380,6 +4671,8 @@
|
|
|
4380
4671
|
"EVENTS"
|
|
4381
4672
|
],
|
|
4382
4673
|
"default": "EVENTS",
|
|
4674
|
+
"x-f5xc-description-short": "X-displayName: \"Metric Field\" Metrics can be computed based on these fields. - EVENTS: x-displayName: \"Events\".",
|
|
4675
|
+
"x-f5xc-description-medium": "X-displayName: \"Metric Field\" Metrics can be computed based on these fields. - EVENTS: x-displayName: \"Events\".",
|
|
4383
4676
|
"x-f5xc-minimum-configuration": {
|
|
4384
4677
|
"description": "Minimum configuration for app_securityincidentsMetricField",
|
|
4385
4678
|
"required_fields": [],
|
|
@@ -4399,6 +4692,8 @@
|
|
|
4399
4692
|
"$ref": "#/components/schemas/app_securityincidentsPercentileAggregation"
|
|
4400
4693
|
}
|
|
4401
4694
|
},
|
|
4695
|
+
"x-f5xc-description-short": "X-displayName: \"Metrics Aggregation\" Computes metrics based on values for the field in the incident.",
|
|
4696
|
+
"x-f5xc-description-medium": "X-displayName: \"Metrics Aggregation\" Computes metrics based on values for the field in the incident.",
|
|
4402
4697
|
"x-f5xc-minimum-configuration": {
|
|
4403
4698
|
"description": "Minimum configuration for app_securityincidentsMetricsAggregation",
|
|
4404
4699
|
"required_fields": [
|
|
@@ -4426,6 +4721,8 @@
|
|
|
4426
4721
|
"type": "object",
|
|
4427
4722
|
"description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each field aggregation bucket.",
|
|
4428
4723
|
"title": "Sub aggregation.",
|
|
4724
|
+
"x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
|
|
4725
|
+
"x-f5xc-description-medium": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
|
|
4429
4726
|
"x-f5xc-required-for": {
|
|
4430
4727
|
"minimum_config": false,
|
|
4431
4728
|
"create": false,
|
|
@@ -4439,6 +4736,7 @@
|
|
|
4439
4736
|
"title": "Topk",
|
|
4440
4737
|
"format": "int64",
|
|
4441
4738
|
"x-f5xc-example": "10",
|
|
4739
|
+
"x-f5xc-description-short": "X-displayName: \"TopK\" Number of top field values to be returned in the response.",
|
|
4442
4740
|
"minimum": 0,
|
|
4443
4741
|
"maximum": 2147483647,
|
|
4444
4742
|
"x-f5xc-required-for": {
|
|
@@ -4449,6 +4747,8 @@
|
|
|
4449
4747
|
}
|
|
4450
4748
|
}
|
|
4451
4749
|
},
|
|
4750
|
+
"x-f5xc-description-short": "X-displayName: \"Multi-Field Aggregation\" Aggregate incidents based on the multiple fields in the incident.",
|
|
4751
|
+
"x-f5xc-description-medium": "X-displayName: \"Multi-Field Aggregation\" Aggregate incidents based on the multiple fields in the incident.",
|
|
4452
4752
|
"x-f5xc-minimum-configuration": {
|
|
4453
4753
|
"description": "Minimum configuration for app_securityincidentsMultiFieldAggregation",
|
|
4454
4754
|
"required_fields": [
|
|
@@ -4473,6 +4773,8 @@
|
|
|
4473
4773
|
"$ref": "#/components/schemas/app_securityincidentsCardinalityAggregation"
|
|
4474
4774
|
}
|
|
4475
4775
|
},
|
|
4776
|
+
"x-f5xc-description-short": "X-displayName: \"Multi Field SubAggregation\" Aggregate security events in each MultiTerms bucket based on one of the sub aggregation types.",
|
|
4777
|
+
"x-f5xc-description-medium": "X-displayName: \"Multi Field SubAggregation\" Aggregate security events in each MultiTerms bucket based on one of the sub aggregation types.",
|
|
4476
4778
|
"x-f5xc-minimum-configuration": {
|
|
4477
4779
|
"description": "Minimum configuration for app_securityincidentsMultiFieldSubAggregation",
|
|
4478
4780
|
"required_fields": [
|
|
@@ -4493,6 +4795,8 @@
|
|
|
4493
4795
|
"SRC_IP_TLS_FINGERPRINT"
|
|
4494
4796
|
],
|
|
4495
4797
|
"default": "SRC_IP_TLS_FINGERPRINT",
|
|
4798
|
+
"x-f5xc-description-short": "X-displayName: \"Multi-Key Field\" Security events can be aggregated based on these multiple key fields - SRC_IP_TLS_FINGERPRINT: x-displayName...",
|
|
4799
|
+
"x-f5xc-description-medium": "X-displayName: \"Multi-Key Field\" Security events can be aggregated based on these multiple key fields - SRC_IP_TLS_FINGERPRINT: x-displayName: \"Source IP, JA3 TLS Fingerprint\" Aggregated by (keyfield.src_IP, keyfield.tls_FINGERPRINT).",
|
|
4496
4800
|
"x-f5xc-minimum-configuration": {
|
|
4497
4801
|
"description": "Minimum configuration for app_securityincidentsMultiKeyField",
|
|
4498
4802
|
"required_fields": [],
|
|
@@ -4517,6 +4821,7 @@
|
|
|
4517
4821
|
"title": "Percent",
|
|
4518
4822
|
"format": "double",
|
|
4519
4823
|
"x-f5xc-example": "[99.0]",
|
|
4824
|
+
"x-f5xc-description-short": "X-displayName: \"Percent\" x-required Percentile for which value is calculated.",
|
|
4520
4825
|
"x-f5xc-required-for": {
|
|
4521
4826
|
"minimum_config": false,
|
|
4522
4827
|
"create": false,
|
|
@@ -4525,6 +4830,7 @@
|
|
|
4525
4830
|
}
|
|
4526
4831
|
}
|
|
4527
4832
|
},
|
|
4833
|
+
"x-f5xc-description-short": "X-displayName: \"Percentile Aggregation\" Calculates percentile over numeric values for a field.",
|
|
4528
4834
|
"x-f5xc-minimum-configuration": {
|
|
4529
4835
|
"description": "Minimum configuration for app_securityincidentsPercentileAggregation",
|
|
4530
4836
|
"required_fields": [
|
|
@@ -4565,6 +4871,8 @@
|
|
|
4565
4871
|
"$ref": "#/components/schemas/suspicious_user_logMinAggregation"
|
|
4566
4872
|
}
|
|
4567
4873
|
},
|
|
4874
|
+
"x-f5xc-description-short": "X-displayName: \"Aggregation Request\" Aggregation request to provide analytics data over the log response.",
|
|
4875
|
+
"x-f5xc-description-medium": "X-displayName: \"Aggregation Request\" Aggregation request to provide analytics data over the log response.",
|
|
4568
4876
|
"x-f5xc-minimum-configuration": {
|
|
4569
4877
|
"description": "Minimum configuration for app_securitysuspicious_user_logAggregationRequest",
|
|
4570
4878
|
"required_fields": [
|
|
@@ -4592,6 +4900,8 @@
|
|
|
4592
4900
|
"$ref": "#/components/schemas/app_securitysuspicious_user_logKeyField"
|
|
4593
4901
|
}
|
|
4594
4902
|
},
|
|
4903
|
+
"x-f5xc-description-short": "X-displayName: \"Cardinality Aggregation\" GET approximate count of distinct values for the field in the suspicious user log.",
|
|
4904
|
+
"x-f5xc-description-medium": "X-displayName: \"Cardinality Aggregation\" GET approximate count of distinct values for the field in the suspicious user log.",
|
|
4595
4905
|
"x-f5xc-minimum-configuration": {
|
|
4596
4906
|
"description": "Minimum configuration for app_securitysuspicious_user_logCardinalityAggregation",
|
|
4597
4907
|
"required_fields": [
|
|
@@ -4614,6 +4924,8 @@
|
|
|
4614
4924
|
"description": "X-displayName: \"Step\"\nx-required\nstep is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response.\nThe timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.\nFormat: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days.",
|
|
4615
4925
|
"title": "Step",
|
|
4616
4926
|
"x-f5xc-example": "5m",
|
|
4927
|
+
"x-f5xc-description-short": "X-displayName: \"Step\" x-required step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in...",
|
|
4928
|
+
"x-f5xc-description-medium": "X-displayName: \"Step\" x-required step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response. The timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.",
|
|
4617
4929
|
"minLength": 0,
|
|
4618
4930
|
"maxLength": 1024,
|
|
4619
4931
|
"x-f5xc-required-for": {
|
|
@@ -4624,6 +4936,7 @@
|
|
|
4624
4936
|
}
|
|
4625
4937
|
}
|
|
4626
4938
|
},
|
|
4939
|
+
"x-f5xc-description-short": "X-displayName: \"Date Aggregation\" Aggregate suspicious user logs based on timestamp in the log.",
|
|
4627
4940
|
"x-f5xc-minimum-configuration": {
|
|
4628
4941
|
"description": "Minimum configuration for app_securitysuspicious_user_logDateAggregation",
|
|
4629
4942
|
"required_fields": [
|
|
@@ -4651,6 +4964,8 @@
|
|
|
4651
4964
|
"type": "object",
|
|
4652
4965
|
"description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each field aggregation bucket.",
|
|
4653
4966
|
"title": "Sub aggregation.",
|
|
4967
|
+
"x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
|
|
4968
|
+
"x-f5xc-description-medium": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
|
|
4654
4969
|
"x-f5xc-required-for": {
|
|
4655
4970
|
"minimum_config": false,
|
|
4656
4971
|
"create": false,
|
|
@@ -4664,6 +4979,7 @@
|
|
|
4664
4979
|
"title": "Topk",
|
|
4665
4980
|
"format": "int64",
|
|
4666
4981
|
"x-f5xc-example": "10",
|
|
4982
|
+
"x-f5xc-description-short": "X-displayName: \"TopK\" Number of top field values to be returned in the response.",
|
|
4667
4983
|
"minimum": 0,
|
|
4668
4984
|
"maximum": 2147483647,
|
|
4669
4985
|
"x-f5xc-required-for": {
|
|
@@ -4674,6 +4990,8 @@
|
|
|
4674
4990
|
}
|
|
4675
4991
|
}
|
|
4676
4992
|
},
|
|
4993
|
+
"x-f5xc-description-short": "X-displayName: \"Field Aggregation\" Aggregate incidents based on the key fields in the suspicious user log.",
|
|
4994
|
+
"x-f5xc-description-medium": "X-displayName: \"Field Aggregation\" Aggregate incidents based on the key fields in the suspicious user log.",
|
|
4677
4995
|
"x-f5xc-minimum-configuration": {
|
|
4678
4996
|
"description": "Minimum configuration for app_securitysuspicious_user_logFieldAggregation",
|
|
4679
4997
|
"required_fields": [
|
|
@@ -4698,6 +5016,8 @@
|
|
|
4698
5016
|
"$ref": "#/components/schemas/app_securitysuspicious_user_logCardinalityAggregation"
|
|
4699
5017
|
}
|
|
4700
5018
|
},
|
|
5019
|
+
"x-f5xc-description-short": "X-displayName: \"Field SubAggregation\" Aggregate security events in each field bucket based on one of the sub aggregation types.",
|
|
5020
|
+
"x-f5xc-description-medium": "X-displayName: \"Field SubAggregation\" Aggregate security events in each field bucket based on one of the sub aggregation types.",
|
|
4701
5021
|
"x-f5xc-minimum-configuration": {
|
|
4702
5022
|
"description": "Minimum configuration for app_securitysuspicious_user_logFieldSubAggregation",
|
|
4703
5023
|
"required_fields": [
|
|
@@ -4725,6 +5045,8 @@
|
|
|
4725
5045
|
"SUSPICION_LOG_TYPE"
|
|
4726
5046
|
],
|
|
4727
5047
|
"default": "CITY",
|
|
5048
|
+
"x-f5xc-description-short": "X-displayName: \"Key Field\" Security events can be aggregated based on these fields. - CITY: x-displayName: \"City\" - COUNTRY: x-displayName...",
|
|
5049
|
+
"x-f5xc-description-medium": "X-displayName: \"Key Field\" Security events can be aggregated based on these fields. - CITY: x-displayName: \"City\" - COUNTRY: x-displayName: \"Country\" - ASN: x-displayName: \"ASN\" - USER: x-displayName: \"User\" - THREAT_LEVEL: x-displayName: \"Threat Level\" - VH_NAME: x-displayName: \"Virtual Host...",
|
|
4728
5050
|
"x-f5xc-minimum-configuration": {
|
|
4729
5051
|
"description": "Minimum configuration for app_securitysuspicious_user_logKeyField",
|
|
4730
5052
|
"required_fields": [],
|
|
@@ -4744,6 +5066,8 @@
|
|
|
4744
5066
|
"$ref": "#/components/schemas/app_securitysuspicious_user_logPercentileAggregation"
|
|
4745
5067
|
}
|
|
4746
5068
|
},
|
|
5069
|
+
"x-f5xc-description-short": "X-displayName: \"Metrics Aggregation\" Computes metrics based on values for the field in the suspicious user log.",
|
|
5070
|
+
"x-f5xc-description-medium": "X-displayName: \"Metrics Aggregation\" Computes metrics based on values for the field in the suspicious user log.",
|
|
4747
5071
|
"x-f5xc-minimum-configuration": {
|
|
4748
5072
|
"description": "Minimum configuration for app_securitysuspicious_user_logMetricsAggregation",
|
|
4749
5073
|
"required_fields": [
|
|
@@ -4770,6 +5094,7 @@
|
|
|
4770
5094
|
"title": "Percent",
|
|
4771
5095
|
"format": "double",
|
|
4772
5096
|
"x-f5xc-example": "[99.0]",
|
|
5097
|
+
"x-f5xc-description-short": "X-displayName: \"Percent\" x-required Percentile for which value is calculated.",
|
|
4773
5098
|
"x-f5xc-required-for": {
|
|
4774
5099
|
"minimum_config": false,
|
|
4775
5100
|
"create": false,
|
|
@@ -4778,6 +5103,7 @@
|
|
|
4778
5103
|
}
|
|
4779
5104
|
}
|
|
4780
5105
|
},
|
|
5106
|
+
"x-f5xc-description-short": "X-displayName: \"Percentile Aggregation\" Calculates percentile over numeric values for a field.",
|
|
4781
5107
|
"x-f5xc-minimum-configuration": {
|
|
4782
5108
|
"description": "Minimum configuration for app_securitysuspicious_user_logPercentileAggregation",
|
|
4783
5109
|
"required_fields": [
|
|
@@ -4823,6 +5149,7 @@
|
|
|
4823
5149
|
"ves.io.schema.rules.repeated.max_items": "64",
|
|
4824
5150
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
4825
5151
|
},
|
|
5152
|
+
"x-f5xc-description-short": "Sources that are located in one of the countries in the given list.",
|
|
4826
5153
|
"x-f5xc-required-for": {
|
|
4827
5154
|
"minimum_config": false,
|
|
4828
5155
|
"create": false,
|
|
@@ -4882,6 +5209,8 @@
|
|
|
4882
5209
|
"x-validation-rules": {
|
|
4883
5210
|
"ves.io.schema.rules.timestamp.within.seconds": "31536000"
|
|
4884
5211
|
},
|
|
5212
|
+
"x-f5xc-description-short": "Specifies expiration_timestamp the RFC 3339 format timestamp at which the containing rule is considered to be logically expired.",
|
|
5213
|
+
"x-f5xc-description-medium": "Specifies expiration_timestamp the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in the configuration but is not applied anymore.",
|
|
4885
5214
|
"minLength": 0,
|
|
4886
5215
|
"maxLength": 1024,
|
|
4887
5216
|
"x-f5xc-required-for": {
|
|
@@ -4898,6 +5227,7 @@
|
|
|
4898
5227
|
"$ref": "#/components/schemas/schemaMessageMetaType"
|
|
4899
5228
|
}
|
|
4900
5229
|
},
|
|
5230
|
+
"x-f5xc-description-short": "DDoS Mitigation Rule specifies the sources to be blocked.",
|
|
4901
5231
|
"x-f5xc-minimum-configuration": {
|
|
4902
5232
|
"description": "Minimum configuration for common_securityDDoSMitigationRule",
|
|
4903
5233
|
"required_fields": [
|
|
@@ -4950,6 +5280,7 @@
|
|
|
4950
5280
|
"ves.io.schema.rules.string.max_len": "1024",
|
|
4951
5281
|
"ves.io.schema.rules.string.templated_http_path": "true"
|
|
4952
5282
|
},
|
|
5283
|
+
"x-f5xc-description-short": "The endpoint (path) of the request. Required: YES.",
|
|
4953
5284
|
"minLength": 0,
|
|
4954
5285
|
"x-f5xc-required-for": {
|
|
4955
5286
|
"minimum_config": false,
|
|
@@ -4983,6 +5314,7 @@
|
|
|
4983
5314
|
"ves.io.schema.rules.string.max_len": "128",
|
|
4984
5315
|
"ves.io.schema.rules.string.vh_domain": "true"
|
|
4985
5316
|
},
|
|
5317
|
+
"x-f5xc-description-short": "Exclusive with [any_domain] The rule will apply for a specific domain. For",
|
|
4986
5318
|
"minLength": 0,
|
|
4987
5319
|
"x-f5xc-required-for": {
|
|
4988
5320
|
"minimum_config": false,
|
|
@@ -4992,6 +5324,7 @@
|
|
|
4992
5324
|
}
|
|
4993
5325
|
}
|
|
4994
5326
|
},
|
|
5327
|
+
"x-f5xc-description-short": "API Protection Rule for a specific endpoint.",
|
|
4995
5328
|
"x-f5xc-minimum-configuration": {
|
|
4996
5329
|
"description": "Minimum configuration for common_wafAPIEndpointProtectionRule",
|
|
4997
5330
|
"required_fields": [
|
|
@@ -5026,6 +5359,7 @@
|
|
|
5026
5359
|
"$ref": "#/components/schemas/schemaEmpty"
|
|
5027
5360
|
}
|
|
5028
5361
|
},
|
|
5362
|
+
"x-f5xc-description-short": "The action to take if the input request matches the rule.",
|
|
5029
5363
|
"x-f5xc-minimum-configuration": {
|
|
5030
5364
|
"description": "Minimum configuration for common_wafAPIProtectionRuleAction",
|
|
5031
5365
|
"required_fields": [
|
|
@@ -5148,6 +5482,7 @@
|
|
|
5148
5482
|
"ves.io.schema.rules.string.max_len": "1024",
|
|
5149
5483
|
"ves.io.schema.rules.string.templated_http_path": "true"
|
|
5150
5484
|
},
|
|
5485
|
+
"x-f5xc-description-short": "The endpoint (path) of the request. Required: YES.",
|
|
5151
5486
|
"minLength": 0,
|
|
5152
5487
|
"x-f5xc-required-for": {
|
|
5153
5488
|
"minimum_config": false,
|
|
@@ -5182,6 +5517,7 @@
|
|
|
5182
5517
|
"ves.io.schema.rules.string.max_len": "128",
|
|
5183
5518
|
"ves.io.schema.rules.string.vh_domain": "true"
|
|
5184
5519
|
},
|
|
5520
|
+
"x-f5xc-description-short": "Exclusive with [any_domain] The rule will apply for a specific domain.",
|
|
5185
5521
|
"minLength": 0,
|
|
5186
5522
|
"x-f5xc-required-for": {
|
|
5187
5523
|
"minimum_config": false,
|
|
@@ -5228,6 +5564,7 @@
|
|
|
5228
5564
|
"default": "SKIP_PROCESSING_WAF",
|
|
5229
5565
|
"x-displayname": "Action",
|
|
5230
5566
|
"x-ves-proto-enum": "ves.io.schema.views.common_waf.ClientSrcRuleAction",
|
|
5567
|
+
"x-f5xc-description-short": "Action that should be taken when client identifier matches the rule.",
|
|
5231
5568
|
"x-f5xc-minimum-configuration": {
|
|
5232
5569
|
"description": "Minimum configuration for common_wafClientSrcRuleAction",
|
|
5233
5570
|
"required_fields": [],
|
|
@@ -5265,6 +5602,7 @@
|
|
|
5265
5602
|
"ves.io.schema.rules.repeated.max_items": "15",
|
|
5266
5603
|
"ves.io.schema.rules.repeated.unique_metadata_name": "true"
|
|
5267
5604
|
},
|
|
5605
|
+
"x-f5xc-example": "{\"key\": \"value\"}",
|
|
5268
5606
|
"x-f5xc-required-for": {
|
|
5269
5607
|
"minimum_config": false,
|
|
5270
5608
|
"create": false,
|
|
@@ -5320,6 +5658,7 @@
|
|
|
5320
5658
|
"x-validation-rules": {
|
|
5321
5659
|
"ves.io.schema.rules.string.max_len": "128"
|
|
5322
5660
|
},
|
|
5661
|
+
"x-f5xc-description-short": "Exclusive with [api_endpoint base_path] The API group which this validation applies to.",
|
|
5323
5662
|
"minLength": 0,
|
|
5324
5663
|
"x-f5xc-required-for": {
|
|
5325
5664
|
"minimum_config": false,
|
|
@@ -5344,6 +5683,7 @@
|
|
|
5344
5683
|
"ves.io.schema.rules.string.http_path": "true",
|
|
5345
5684
|
"ves.io.schema.rules.string.max_len": "128"
|
|
5346
5685
|
},
|
|
5686
|
+
"x-f5xc-description-short": "Exclusive with [api_endpoint api_group] The base path which this validation applies to.",
|
|
5347
5687
|
"minLength": 0,
|
|
5348
5688
|
"x-f5xc-required-for": {
|
|
5349
5689
|
"minimum_config": false,
|
|
@@ -5356,6 +5696,7 @@
|
|
|
5356
5696
|
"$ref": "#/components/schemas/schemaMessageMetaType"
|
|
5357
5697
|
}
|
|
5358
5698
|
},
|
|
5699
|
+
"x-f5xc-description-short": "Fall Through Rule for a specific endpoint, base-path, or API group.",
|
|
5359
5700
|
"x-f5xc-minimum-configuration": {
|
|
5360
5701
|
"description": "Minimum configuration for common_wafFallThroughRule",
|
|
5361
5702
|
"required_fields": [
|
|
@@ -5399,6 +5740,8 @@
|
|
|
5399
5740
|
"ves.io.schema.rules.message.required": "true",
|
|
5400
5741
|
"ves.io.schema.rules.repeated.max_items": "16"
|
|
5401
5742
|
},
|
|
5743
|
+
"x-f5xc-example": "{\"key\": \"value\"}",
|
|
5744
|
+
"x-f5xc-description-short": "List of HTTP header name and value pairs Required: YES.",
|
|
5402
5745
|
"x-f5xc-required-for": {
|
|
5403
5746
|
"minimum_config": false,
|
|
5404
5747
|
"create": false,
|
|
@@ -5448,6 +5791,8 @@
|
|
|
5448
5791
|
"ves.io.schema.rules.uint32.gt": "0",
|
|
5449
5792
|
"ves.io.schema.rules.uint32.lte": "8192"
|
|
5450
5793
|
},
|
|
5794
|
+
"x-f5xc-description-short": "The total number of allowed requests for 1 unit (e.g. SECOND/MINUTE/HOUR etc.) of the specified period.",
|
|
5795
|
+
"x-f5xc-description-medium": "The total number of allowed requests for 1 unit (e.g. SECOND/MINUTE/HOUR etc.) of the specified period. Required: YES.",
|
|
5451
5796
|
"minimum": 0,
|
|
5452
5797
|
"maximum": 2147483647,
|
|
5453
5798
|
"x-f5xc-required-for": {
|
|
@@ -5495,6 +5840,8 @@
|
|
|
5495
5840
|
}
|
|
5496
5841
|
},
|
|
5497
5842
|
"x-required": true,
|
|
5843
|
+
"x-f5xc-description-short": "Determine what to do with unprotected endpoints (not in the OpenAPI specification file (a.k.a.",
|
|
5844
|
+
"x-f5xc-description-medium": "Determine what to do with unprotected endpoints (not in the OpenAPI specification file (a.k.a. Swagger) or doesn't have a specific rule in custom rules).",
|
|
5498
5845
|
"x-f5xc-minimum-configuration": {
|
|
5499
5846
|
"description": "Minimum configuration for common_wafOpenApiFallThroughMode",
|
|
5500
5847
|
"required_fields": [
|
|
@@ -5563,6 +5910,8 @@
|
|
|
5563
5910
|
"$ref": "#/components/schemas/schemaEmpty"
|
|
5564
5911
|
}
|
|
5565
5912
|
},
|
|
5913
|
+
"x-f5xc-description-short": "OpenAPI specification validation settings relevant for \"API Inventory\" enforcement and for \"Custom list\" enforcement.",
|
|
5914
|
+
"x-f5xc-description-medium": "OpenAPI specification validation settings relevant for \"API Inventory\" enforcement and for \"Custom list\" enforcement.",
|
|
5566
5915
|
"x-f5xc-minimum-configuration": {
|
|
5567
5916
|
"description": "Minimum configuration for common_wafOpenApiValidationCommonSettings",
|
|
5568
5917
|
"required_fields": [
|
|
@@ -5601,6 +5950,8 @@
|
|
|
5601
5950
|
}
|
|
5602
5951
|
},
|
|
5603
5952
|
"x-required": true,
|
|
5953
|
+
"x-f5xc-description-short": "Validation mode of OpenAPI specification.",
|
|
5954
|
+
"x-f5xc-description-medium": "Validation mode of OpenAPI specification. When a validation mismatch occurs on a request to one of the endpoints listed on the OpenAPI specification file (a.k.a. Swagger).",
|
|
5604
5955
|
"x-f5xc-minimum-configuration": {
|
|
5605
5956
|
"description": "Minimum configuration for common_wafOpenApiValidationMode",
|
|
5606
5957
|
"required_fields": [
|
|
@@ -5654,6 +6005,8 @@
|
|
|
5654
6005
|
"ves.io.schema.rules.repeated.min_items": "1",
|
|
5655
6006
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
5656
6007
|
},
|
|
6008
|
+
"x-f5xc-description-short": "List of properties of the request to validate according to the OpenAPI specification file (a.k.a.",
|
|
6009
|
+
"x-f5xc-description-medium": "List of properties of the request to validate according to the OpenAPI specification file (a.k.a. Swagger) Required: YES.",
|
|
5657
6010
|
"x-f5xc-required-for": {
|
|
5658
6011
|
"minimum_config": false,
|
|
5659
6012
|
"create": false,
|
|
@@ -5714,6 +6067,8 @@
|
|
|
5714
6067
|
"ves.io.schema.rules.repeated.min_items": "1",
|
|
5715
6068
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
5716
6069
|
},
|
|
6070
|
+
"x-f5xc-description-short": "List of properties of the response to validate according to the OpenAPI specification file (a.k.a.",
|
|
6071
|
+
"x-f5xc-description-medium": "List of properties of the response to validate according to the OpenAPI specification file (a.k.a. Swagger) Required: YES.",
|
|
5717
6072
|
"x-f5xc-required-for": {
|
|
5718
6073
|
"minimum_config": false,
|
|
5719
6074
|
"create": false,
|
|
@@ -5765,6 +6120,7 @@
|
|
|
5765
6120
|
"x-validation-rules": {
|
|
5766
6121
|
"ves.io.schema.rules.string.max_len": "128"
|
|
5767
6122
|
},
|
|
6123
|
+
"x-f5xc-description-short": "Exclusive with [api_endpoint base_path] The API group which this validation applies to.",
|
|
5768
6124
|
"minLength": 0,
|
|
5769
6125
|
"x-f5xc-required-for": {
|
|
5770
6126
|
"minimum_config": false,
|
|
@@ -5789,6 +6145,7 @@
|
|
|
5789
6145
|
"ves.io.schema.rules.string.http_path": "true",
|
|
5790
6146
|
"ves.io.schema.rules.string.max_len": "128"
|
|
5791
6147
|
},
|
|
6148
|
+
"x-f5xc-description-short": "Exclusive with [api_endpoint api_group] The base path which this validation applies to.",
|
|
5792
6149
|
"minLength": 0,
|
|
5793
6150
|
"x-f5xc-required-for": {
|
|
5794
6151
|
"minimum_config": false,
|
|
@@ -5814,6 +6171,7 @@
|
|
|
5814
6171
|
"ves.io.schema.rules.string.max_len": "128",
|
|
5815
6172
|
"ves.io.schema.rules.string.vh_domain": "true"
|
|
5816
6173
|
},
|
|
6174
|
+
"x-f5xc-description-short": "Exclusive with [any_domain] The rule will apply for a specific domain.",
|
|
5817
6175
|
"minLength": 0,
|
|
5818
6176
|
"x-f5xc-required-for": {
|
|
5819
6177
|
"minimum_config": false,
|
|
@@ -5826,6 +6184,7 @@
|
|
|
5826
6184
|
"$ref": "#/components/schemas/common_wafOpenApiValidationMode"
|
|
5827
6185
|
}
|
|
5828
6186
|
},
|
|
6187
|
+
"x-f5xc-description-short": "OpenAPI Validation Rule for a specific endpoint, base-path, or API group.",
|
|
5829
6188
|
"x-f5xc-minimum-configuration": {
|
|
5830
6189
|
"description": "Minimum configuration for common_wafOpenApiValidationRule",
|
|
5831
6190
|
"required_fields": [
|
|
@@ -5872,6 +6231,7 @@
|
|
|
5872
6231
|
"ves.io.schema.rules.repeated.max_items": "10",
|
|
5873
6232
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
5874
6233
|
},
|
|
6234
|
+
"x-f5xc-description-short": "Actions that should be taken when client identifier matches the rule.",
|
|
5875
6235
|
"x-f5xc-required-for": {
|
|
5876
6236
|
"minimum_config": false,
|
|
5877
6237
|
"create": false,
|
|
@@ -5895,6 +6255,8 @@
|
|
|
5895
6255
|
"ves.io.schema.rules.uint32.gte": "1",
|
|
5896
6256
|
"ves.io.schema.rules.uint32.lte": "401308"
|
|
5897
6257
|
},
|
|
6258
|
+
"x-f5xc-description-short": "Exclusive with [http_header ip_prefix ipv6_prefix user_identifier] RFC 6793 defined 4-byte AS number.",
|
|
6259
|
+
"x-f5xc-description-medium": "Exclusive with [http_header ip_prefix ipv6_prefix user_identifier] RFC 6793 defined 4-byte AS number.",
|
|
5898
6260
|
"minimum": 0,
|
|
5899
6261
|
"maximum": 2147483647,
|
|
5900
6262
|
"x-f5xc-required-for": {
|
|
@@ -5921,6 +6283,8 @@
|
|
|
5921
6283
|
"x-validation-rules": {
|
|
5922
6284
|
"ves.io.schema.rules.timestamp.within.seconds": "31536000"
|
|
5923
6285
|
},
|
|
6286
|
+
"x-f5xc-description-short": "Specifies expiration_timestamp the RFC 3339 format timestamp at which the containing rule is considered to be logically expired.",
|
|
6287
|
+
"x-f5xc-description-medium": "Specifies expiration_timestamp the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in the configuration but is not applied anymore.",
|
|
5924
6288
|
"minLength": 0,
|
|
5925
6289
|
"maxLength": 1024,
|
|
5926
6290
|
"x-f5xc-required-for": {
|
|
@@ -5946,6 +6310,7 @@
|
|
|
5946
6310
|
"x-validation-rules": {
|
|
5947
6311
|
"ves.io.schema.rules.string.ipv4_prefix": "true"
|
|
5948
6312
|
},
|
|
6313
|
+
"x-f5xc-description-short": "Exclusive with [as_number http_header ipv6_prefix user_identifier] IPv4 prefix string.",
|
|
5949
6314
|
"minLength": 0,
|
|
5950
6315
|
"maxLength": 1024,
|
|
5951
6316
|
"x-f5xc-required-for": {
|
|
@@ -5968,6 +6333,7 @@
|
|
|
5968
6333
|
"x-validation-rules": {
|
|
5969
6334
|
"ves.io.schema.rules.string.ipv6_prefix": "true"
|
|
5970
6335
|
},
|
|
6336
|
+
"x-f5xc-description-short": "Exclusive with [as_number http_header ip_prefix user_identifier] IPv6 prefix string.",
|
|
5971
6337
|
"minLength": 0,
|
|
5972
6338
|
"maxLength": 1024,
|
|
5973
6339
|
"x-f5xc-required-for": {
|
|
@@ -5995,6 +6361,8 @@
|
|
|
5995
6361
|
"x-validation-rules": {
|
|
5996
6362
|
"ves.io.schema.rules.string.max_len": "256"
|
|
5997
6363
|
},
|
|
6364
|
+
"x-f5xc-description-short": "Exclusive with [as_number http_header ip_prefix ipv6_prefix] Identify user based on user identifier.",
|
|
6365
|
+
"x-f5xc-description-medium": "Exclusive with [as_number http_header ip_prefix ipv6_prefix] Identify user based on user identifier. User identifier value needs to be copied from security event.",
|
|
5998
6366
|
"minLength": 0,
|
|
5999
6367
|
"x-f5xc-required-for": {
|
|
6000
6368
|
"minimum_config": false,
|
|
@@ -6008,6 +6376,7 @@
|
|
|
6008
6376
|
"$ref": "#/components/schemas/schemaEmpty"
|
|
6009
6377
|
}
|
|
6010
6378
|
},
|
|
6379
|
+
"x-f5xc-description-short": "Simple client source rule specifies the sources to be blocked or trusted (skip WAF).",
|
|
6011
6380
|
"x-f5xc-minimum-configuration": {
|
|
6012
6381
|
"description": "Minimum configuration for common_wafSimpleClientSrcRule",
|
|
6013
6382
|
"required_fields": [
|
|
@@ -6065,6 +6434,7 @@
|
|
|
6065
6434
|
"$ref": "#/components/schemas/schemaEmpty"
|
|
6066
6435
|
}
|
|
6067
6436
|
},
|
|
6437
|
+
"x-f5xc-description-short": "X-displayName: \"Validation Settings For Headers\" Custom settings for headers validation.",
|
|
6068
6438
|
"x-f5xc-minimum-configuration": {
|
|
6069
6439
|
"description": "Minimum configuration for common_wafValidationSettingForHeaders",
|
|
6070
6440
|
"required_fields": [
|
|
@@ -6093,6 +6463,7 @@
|
|
|
6093
6463
|
"$ref": "#/components/schemas/schemaEmpty"
|
|
6094
6464
|
}
|
|
6095
6465
|
},
|
|
6466
|
+
"x-f5xc-description-short": "Custom settings for query parameters validation.",
|
|
6096
6467
|
"x-f5xc-minimum-configuration": {
|
|
6097
6468
|
"description": "Minimum configuration for common_wafValidationSettingForQueryParameters",
|
|
6098
6469
|
"required_fields": [
|
|
@@ -6148,6 +6519,8 @@
|
|
|
6148
6519
|
"ves.io.schema.rules.repeated.min_items": "1",
|
|
6149
6520
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
6150
6521
|
},
|
|
6522
|
+
"x-f5xc-description-short": "List of JSON Path field values. Use square brackets with an underscore [_] to indicate array elements (e.g., person.emails[_]).",
|
|
6523
|
+
"x-f5xc-description-medium": "List of JSON Path field values. Use square brackets with an underscore [_] to indicate array elements (e.g., person.emails[_]). To reference JSON keys that contain spaces, enclose the entire path in double quotes.",
|
|
6151
6524
|
"x-f5xc-required-for": {
|
|
6152
6525
|
"minimum_config": false,
|
|
6153
6526
|
"create": false,
|
|
@@ -6209,6 +6582,7 @@
|
|
|
6209
6582
|
"$ref": "#/components/schemas/schemaEmpty"
|
|
6210
6583
|
}
|
|
6211
6584
|
},
|
|
6585
|
+
"x-f5xc-description-short": "Settings to mask sensitive data in request/response payload.",
|
|
6212
6586
|
"x-f5xc-minimum-configuration": {
|
|
6213
6587
|
"description": "HTTP/HTTPS load balancer for distributing traffic across origin pools",
|
|
6214
6588
|
"required_fields": [
|
|
@@ -6264,6 +6638,7 @@
|
|
|
6264
6638
|
"ves.io.schema.rules.string.max_bytes": "256",
|
|
6265
6639
|
"ves.io.schema.rules.string.not_empty": "true"
|
|
6266
6640
|
},
|
|
6641
|
+
"x-f5xc-description-short": "Exclusive with [presence regex] Header value to match exactly.",
|
|
6267
6642
|
"minLength": 0,
|
|
6268
6643
|
"x-f5xc-required-for": {
|
|
6269
6644
|
"minimum_config": false,
|
|
@@ -6278,6 +6653,7 @@
|
|
|
6278
6653
|
"title": "Invert_match.",
|
|
6279
6654
|
"format": "boolean",
|
|
6280
6655
|
"x-displayname": "NOT of match.",
|
|
6656
|
+
"x-f5xc-description-short": "Invert the result of the match to detect missing header or non-matching value.",
|
|
6281
6657
|
"x-f5xc-required-for": {
|
|
6282
6658
|
"minimum_config": false,
|
|
6283
6659
|
"create": false,
|
|
@@ -6315,7 +6691,7 @@
|
|
|
6315
6691
|
},
|
|
6316
6692
|
"x-original-maxLength": 256,
|
|
6317
6693
|
"x-reconciled-from-discovery": true,
|
|
6318
|
-
"x-reconciled-at": "2026-01-
|
|
6694
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793377+00:00"
|
|
6319
6695
|
},
|
|
6320
6696
|
"presence": {
|
|
6321
6697
|
"type": "boolean",
|
|
@@ -6323,6 +6699,7 @@
|
|
|
6323
6699
|
"title": "Presence",
|
|
6324
6700
|
"format": "boolean",
|
|
6325
6701
|
"x-displayname": "Presence",
|
|
6702
|
+
"x-f5xc-description-short": "Exclusive with [exact regex] If true, check for presence of header.",
|
|
6326
6703
|
"x-f5xc-required-for": {
|
|
6327
6704
|
"minimum_config": false,
|
|
6328
6705
|
"create": false,
|
|
@@ -6346,6 +6723,7 @@
|
|
|
6346
6723
|
"ves.io.schema.rules.string.not_empty": "true",
|
|
6347
6724
|
"ves.io.schema.rules.string.regex": "true"
|
|
6348
6725
|
},
|
|
6726
|
+
"x-f5xc-description-short": "Exclusive with [exact presence] Regex match of the header value in re2 format.",
|
|
6349
6727
|
"minLength": 0,
|
|
6350
6728
|
"x-f5xc-required-for": {
|
|
6351
6729
|
"minimum_config": false,
|
|
@@ -6355,6 +6733,8 @@
|
|
|
6355
6733
|
}
|
|
6356
6734
|
}
|
|
6357
6735
|
},
|
|
6736
|
+
"x-f5xc-description-short": "Header match is done using the name of the header and its value.",
|
|
6737
|
+
"x-f5xc-description-medium": "Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header Header Match can also be inverse of above, which be used to check missing header or non-matching value.",
|
|
6358
6738
|
"x-f5xc-minimum-configuration": {
|
|
6359
6739
|
"description": "Minimum configuration for ioschemaHeaderMatcherType",
|
|
6360
6740
|
"required_fields": [
|
|
@@ -6385,6 +6765,8 @@
|
|
|
6385
6765
|
"x-displayname": "Kind",
|
|
6386
6766
|
"x-ves-example": "Virtual_site.",
|
|
6387
6767
|
"x-f5xc-example": "virtual_site",
|
|
6768
|
+
"x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. \"route\")",
|
|
6769
|
+
"x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. \"route\").",
|
|
6388
6770
|
"minLength": 0,
|
|
6389
6771
|
"maxLength": 14,
|
|
6390
6772
|
"x-f5xc-required-for": {
|
|
@@ -6396,7 +6778,7 @@
|
|
|
6396
6778
|
"readOnly": true,
|
|
6397
6779
|
"x-original-maxLength": 1024,
|
|
6398
6780
|
"x-reconciled-from-discovery": true,
|
|
6399
|
-
"x-reconciled-at": "2026-01-
|
|
6781
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793385+00:00"
|
|
6400
6782
|
},
|
|
6401
6783
|
"name": {
|
|
6402
6784
|
"type": "string",
|
|
@@ -6405,6 +6787,8 @@
|
|
|
6405
6787
|
"x-displayname": "Name",
|
|
6406
6788
|
"x-ves-example": "Contactus-route.",
|
|
6407
6789
|
"x-f5xc-example": "contactus-route",
|
|
6790
|
+
"x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g.",
|
|
6791
|
+
"x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. Route's) name.",
|
|
6408
6792
|
"minLength": 0,
|
|
6409
6793
|
"maxLength": 16,
|
|
6410
6794
|
"x-f5xc-required-for": {
|
|
@@ -6415,7 +6799,7 @@
|
|
|
6415
6799
|
},
|
|
6416
6800
|
"x-original-maxLength": 1024,
|
|
6417
6801
|
"x-reconciled-from-discovery": true,
|
|
6418
|
-
"x-reconciled-at": "2026-01-
|
|
6802
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793389+00:00"
|
|
6419
6803
|
},
|
|
6420
6804
|
"namespace": {
|
|
6421
6805
|
"type": "string",
|
|
@@ -6424,6 +6808,8 @@
|
|
|
6424
6808
|
"x-displayname": "Namespace",
|
|
6425
6809
|
"x-ves-example": "Ns1",
|
|
6426
6810
|
"x-f5xc-example": "ns1",
|
|
6811
|
+
"x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g.",
|
|
6812
|
+
"x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. Route's) namespace.",
|
|
6427
6813
|
"minLength": 0,
|
|
6428
6814
|
"maxLength": 6,
|
|
6429
6815
|
"x-f5xc-required-for": {
|
|
@@ -6434,7 +6820,7 @@
|
|
|
6434
6820
|
},
|
|
6435
6821
|
"x-original-maxLength": 1024,
|
|
6436
6822
|
"x-reconciled-from-discovery": true,
|
|
6437
|
-
"x-reconciled-at": "2026-01-
|
|
6823
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793393+00:00"
|
|
6438
6824
|
},
|
|
6439
6825
|
"tenant": {
|
|
6440
6826
|
"type": "string",
|
|
@@ -6443,6 +6829,8 @@
|
|
|
6443
6829
|
"x-displayname": "Tenant",
|
|
6444
6830
|
"x-ves-example": "Example-corp.",
|
|
6445
6831
|
"x-f5xc-example": "example-corp",
|
|
6832
|
+
"x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g.",
|
|
6833
|
+
"x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. Route's) tenant.",
|
|
6446
6834
|
"minLength": 0,
|
|
6447
6835
|
"maxLength": 18,
|
|
6448
6836
|
"x-f5xc-required-for": {
|
|
@@ -6455,7 +6843,7 @@
|
|
|
6455
6843
|
"x-field-mutability": "read-only",
|
|
6456
6844
|
"x-original-maxLength": 1024,
|
|
6457
6845
|
"x-reconciled-from-discovery": true,
|
|
6458
|
-
"x-reconciled-at": "2026-01-
|
|
6846
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793397+00:00"
|
|
6459
6847
|
},
|
|
6460
6848
|
"uid": {
|
|
6461
6849
|
"type": "string",
|
|
@@ -6464,6 +6852,8 @@
|
|
|
6464
6852
|
"x-displayname": "UID",
|
|
6465
6853
|
"x-ves-example": "D15f1fad-4d37-48c0-8706-df1824d76d31.",
|
|
6466
6854
|
"x-f5xc-example": "d15f1fad-4d37-48c0-8706-df1824d76d31",
|
|
6855
|
+
"x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g.",
|
|
6856
|
+
"x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. Route's) uid.",
|
|
6467
6857
|
"minLength": 0,
|
|
6468
6858
|
"maxLength": 36,
|
|
6469
6859
|
"x-f5xc-required-for": {
|
|
@@ -6477,9 +6867,11 @@
|
|
|
6477
6867
|
"x-original-maxLength": 1024,
|
|
6478
6868
|
"format": "uuid",
|
|
6479
6869
|
"x-reconciled-from-discovery": true,
|
|
6480
|
-
"x-reconciled-at": "2026-01-
|
|
6870
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793403+00:00"
|
|
6481
6871
|
}
|
|
6482
6872
|
},
|
|
6873
|
+
"x-f5xc-description-short": "Type establishes a 'direct reference' from one object(the referrer) to another(the referred).",
|
|
6874
|
+
"x-f5xc-description-medium": "Type establishes a 'direct reference' from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector...",
|
|
6483
6875
|
"x-f5xc-minimum-configuration": {
|
|
6484
6876
|
"description": "Minimum configuration for ioschemaObjectRefType",
|
|
6485
6877
|
"required_fields": [
|
|
@@ -6515,9 +6907,10 @@
|
|
|
6515
6907
|
"maxLength": 15,
|
|
6516
6908
|
"minLength": 3,
|
|
6517
6909
|
"x-reconciled-from-discovery": true,
|
|
6518
|
-
"x-reconciled-at": "2026-01-
|
|
6910
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793409+00:00"
|
|
6519
6911
|
}
|
|
6520
6912
|
},
|
|
6913
|
+
"x-f5xc-description-short": "X-displayName: \"Avg Aggregation Data\" Average Aggregation data.",
|
|
6521
6914
|
"x-f5xc-minimum-configuration": {
|
|
6522
6915
|
"description": "Minimum configuration for logAvgAggregationData",
|
|
6523
6916
|
"required_fields": [
|
|
@@ -6540,6 +6933,7 @@
|
|
|
6540
6933
|
"description": "X-displayName: \"Count\"\nx-example: 100\nCount of distinct values of a log field.",
|
|
6541
6934
|
"title": "Count",
|
|
6542
6935
|
"format": "uint64",
|
|
6936
|
+
"x-f5xc-example": "42",
|
|
6543
6937
|
"minLength": 0,
|
|
6544
6938
|
"maxLength": 1024,
|
|
6545
6939
|
"x-f5xc-required-for": {
|
|
@@ -6553,6 +6947,8 @@
|
|
|
6553
6947
|
"$ref": "#/components/schemas/schemaTrendValue"
|
|
6554
6948
|
}
|
|
6555
6949
|
},
|
|
6950
|
+
"x-f5xc-description-short": "X-displayName: \"Cardinality Aggregation Data\" Approximate count of distinct values of the log field specified in the request.",
|
|
6951
|
+
"x-f5xc-description-medium": "X-displayName: \"Cardinality Aggregation Data\" Approximate count of distinct values of the log field specified in the request.",
|
|
6556
6952
|
"x-f5xc-minimum-configuration": {
|
|
6557
6953
|
"description": "Minimum configuration for logCardinalityAggregationData",
|
|
6558
6954
|
"required_fields": [
|
|
@@ -6576,6 +6972,7 @@
|
|
|
6576
6972
|
"description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
|
|
6577
6973
|
"title": "Count",
|
|
6578
6974
|
"format": "uint64",
|
|
6975
|
+
"x-f5xc-example": "42",
|
|
6579
6976
|
"minLength": 0,
|
|
6580
6977
|
"maxLength": 1024,
|
|
6581
6978
|
"x-f5xc-required-for": {
|
|
@@ -6589,6 +6986,7 @@
|
|
|
6589
6986
|
"type": "object",
|
|
6590
6987
|
"description": "X-displayName: \"Sub Aggregation\"\nSub aggregation data for the date bucket.",
|
|
6591
6988
|
"title": "Sub aggregation.",
|
|
6989
|
+
"x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" Sub aggregation data for the date bucket.",
|
|
6592
6990
|
"x-f5xc-required-for": {
|
|
6593
6991
|
"minimum_config": false,
|
|
6594
6992
|
"create": false,
|
|
@@ -6614,6 +7012,8 @@
|
|
|
6614
7012
|
"$ref": "#/components/schemas/schemaTrendValue"
|
|
6615
7013
|
}
|
|
6616
7014
|
},
|
|
7015
|
+
"x-f5xc-description-short": "X-displayName: \"Date Aggregation Bucket\" Date histogram bucket containing the timestamp and the number of logs in that bucket.",
|
|
7016
|
+
"x-f5xc-description-medium": "X-displayName: \"Date Aggregation Bucket\" Date histogram bucket containing the timestamp and the number of logs in that bucket.",
|
|
6617
7017
|
"x-f5xc-minimum-configuration": {
|
|
6618
7018
|
"description": "Minimum configuration for logDateAggregationBucket",
|
|
6619
7019
|
"required_fields": [
|
|
@@ -6641,6 +7041,7 @@
|
|
|
6641
7041
|
"items": {
|
|
6642
7042
|
"$ref": "#/components/schemas/logDateAggregationBucket"
|
|
6643
7043
|
},
|
|
7044
|
+
"x-f5xc-description-short": "X-displayName: \"Buckets\" Lists of buckets containing timestamp and the corresponding log count.",
|
|
6644
7045
|
"x-f5xc-required-for": {
|
|
6645
7046
|
"minimum_config": false,
|
|
6646
7047
|
"create": false,
|
|
@@ -6653,6 +7054,8 @@
|
|
|
6653
7054
|
"description": "X-displayName: \"Step\"\nActual step size in the response. It could be higher than the requested step depending on the query duration and/or the log rollups.\nFormat: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days.",
|
|
6654
7055
|
"title": "Step",
|
|
6655
7056
|
"x-f5xc-example": "30m",
|
|
7057
|
+
"x-f5xc-description-short": "X-displayName: \"Step\" Actual step size in the response.",
|
|
7058
|
+
"x-f5xc-description-medium": "X-displayName: \"Step\" Actual step size in the response. It could be higher than the requested step depending on the query duration and/or the log rollups. Format: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days.",
|
|
6656
7059
|
"minLength": 0,
|
|
6657
7060
|
"maxLength": 1024,
|
|
6658
7061
|
"x-f5xc-required-for": {
|
|
@@ -6663,6 +7066,7 @@
|
|
|
6663
7066
|
}
|
|
6664
7067
|
}
|
|
6665
7068
|
},
|
|
7069
|
+
"x-f5xc-description-short": "X-displayName: \"Date Aggregation Data\" Date aggregation data.",
|
|
6666
7070
|
"x-f5xc-minimum-configuration": {
|
|
6667
7071
|
"description": "Minimum configuration for logDateAggregationData",
|
|
6668
7072
|
"required_fields": [
|
|
@@ -6688,6 +7092,7 @@
|
|
|
6688
7092
|
"$ref": "#/components/schemas/logMultiFieldAggregationData"
|
|
6689
7093
|
}
|
|
6690
7094
|
},
|
|
7095
|
+
"x-f5xc-description-short": "X-displayName: \"Date SubAggregation\" Date subaggregation data.",
|
|
6691
7096
|
"x-f5xc-minimum-configuration": {
|
|
6692
7097
|
"description": "Minimum configuration for logDateSubAggregationData",
|
|
6693
7098
|
"required_fields": [
|
|
@@ -6711,6 +7116,7 @@
|
|
|
6711
7116
|
"description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
|
|
6712
7117
|
"title": "Count",
|
|
6713
7118
|
"format": "uint64",
|
|
7119
|
+
"x-f5xc-example": "42",
|
|
6714
7120
|
"minLength": 0,
|
|
6715
7121
|
"maxLength": 1024,
|
|
6716
7122
|
"x-f5xc-required-for": {
|
|
@@ -6735,7 +7141,7 @@
|
|
|
6735
7141
|
},
|
|
6736
7142
|
"x-original-maxLength": 1024,
|
|
6737
7143
|
"x-reconciled-from-discovery": true,
|
|
6738
|
-
"x-reconciled-at": "2026-01-
|
|
7144
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793431+00:00"
|
|
6739
7145
|
},
|
|
6740
7146
|
"order_by": {
|
|
6741
7147
|
"$ref": "#/components/schemas/logOrderByData"
|
|
@@ -6744,6 +7150,7 @@
|
|
|
6744
7150
|
"type": "object",
|
|
6745
7151
|
"description": "X-displayName: \"Sub Aggregation\"\nSub aggregation data for the field aggregation bucket.",
|
|
6746
7152
|
"title": "Sub aggregation.",
|
|
7153
|
+
"x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" Sub aggregation data for the field aggregation bucket.",
|
|
6747
7154
|
"x-f5xc-required-for": {
|
|
6748
7155
|
"minimum_config": false,
|
|
6749
7156
|
"create": false,
|
|
@@ -6755,6 +7162,8 @@
|
|
|
6755
7162
|
"$ref": "#/components/schemas/schemaTrendValue"
|
|
6756
7163
|
}
|
|
6757
7164
|
},
|
|
7165
|
+
"x-f5xc-description-short": "X-displayName: \"Field Aggregation Bucket\" Field aggregation bucket containing field value and the number of logs.",
|
|
7166
|
+
"x-f5xc-description-medium": "X-displayName: \"Field Aggregation Bucket\" Field aggregation bucket containing field value and the number of logs.",
|
|
6758
7167
|
"x-f5xc-minimum-configuration": {
|
|
6759
7168
|
"description": "Minimum configuration for logFieldAggregationBucket",
|
|
6760
7169
|
"required_fields": [
|
|
@@ -6783,6 +7192,7 @@
|
|
|
6783
7192
|
"items": {
|
|
6784
7193
|
"$ref": "#/components/schemas/logFieldAggregationBucket"
|
|
6785
7194
|
},
|
|
7195
|
+
"x-f5xc-description-short": "X-displayName: \"Buckets\" Lists of buckets containing field value and the corresponding log count.",
|
|
6786
7196
|
"x-f5xc-required-for": {
|
|
6787
7197
|
"minimum_config": false,
|
|
6788
7198
|
"create": false,
|
|
@@ -6791,6 +7201,7 @@
|
|
|
6791
7201
|
}
|
|
6792
7202
|
}
|
|
6793
7203
|
},
|
|
7204
|
+
"x-f5xc-description-short": "X-displayName: \"Field Aggregation Data\" Field Aggregation data.",
|
|
6794
7205
|
"x-f5xc-minimum-configuration": {
|
|
6795
7206
|
"description": "Minimum configuration for logFieldAggregationData",
|
|
6796
7207
|
"required_fields": [
|
|
@@ -6813,6 +7224,7 @@
|
|
|
6813
7224
|
"description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
|
|
6814
7225
|
"title": "Count",
|
|
6815
7226
|
"format": "uint64",
|
|
7227
|
+
"x-f5xc-example": "42",
|
|
6816
7228
|
"minLength": 0,
|
|
6817
7229
|
"maxLength": 1024,
|
|
6818
7230
|
"x-f5xc-required-for": {
|
|
@@ -6827,6 +7239,7 @@
|
|
|
6827
7239
|
"description": "X-displayName: \"Key\"\nKey contain the name/value pair that identifies the unique key fields.",
|
|
6828
7240
|
"title": "Keys",
|
|
6829
7241
|
"x-f5xc-example": "HIT, MISS, REVALIDATED",
|
|
7242
|
+
"x-f5xc-description-short": "X-displayName: \"Key\" Key contain the name/value pair that identifies the unique key fields.",
|
|
6830
7243
|
"minLength": 0,
|
|
6831
7244
|
"maxLength": 16,
|
|
6832
7245
|
"x-f5xc-required-for": {
|
|
@@ -6837,12 +7250,14 @@
|
|
|
6837
7250
|
},
|
|
6838
7251
|
"x-original-maxLength": 1024,
|
|
6839
7252
|
"x-reconciled-from-discovery": true,
|
|
6840
|
-
"x-reconciled-at": "2026-01-
|
|
7253
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793444+00:00"
|
|
6841
7254
|
},
|
|
6842
7255
|
"order_by": {
|
|
6843
7256
|
"$ref": "#/components/schemas/logOrderByData"
|
|
6844
7257
|
}
|
|
6845
7258
|
},
|
|
7259
|
+
"x-f5xc-description-short": "X-displayName: \"Field Sub Aggregation Bucket\" Field sub aggregation bucket containing field values and the number of logs.",
|
|
7260
|
+
"x-f5xc-description-medium": "X-displayName: \"Field Sub Aggregation Bucket\" Field sub aggregation bucket containing field values and the number of logs.",
|
|
6846
7261
|
"x-f5xc-minimum-configuration": {
|
|
6847
7262
|
"description": "Minimum configuration for logFieldSubAggregationBucket",
|
|
6848
7263
|
"required_fields": [
|
|
@@ -6872,6 +7287,7 @@
|
|
|
6872
7287
|
"items": {
|
|
6873
7288
|
"$ref": "#/components/schemas/logFieldSubAggregationBucket"
|
|
6874
7289
|
},
|
|
7290
|
+
"x-f5xc-description-short": "X-displayName: \"Buckets\" Lists of buckets containing field values and the corresponding log count.",
|
|
6875
7291
|
"x-f5xc-required-for": {
|
|
6876
7292
|
"minimum_config": false,
|
|
6877
7293
|
"create": false,
|
|
@@ -6895,6 +7311,7 @@
|
|
|
6895
7311
|
"$ref": "#/components/schemas/logMultiFilterAggregationData"
|
|
6896
7312
|
}
|
|
6897
7313
|
},
|
|
7314
|
+
"x-f5xc-description-short": "X-displayName: \"Field SubAggregation\" Field subaggregation data.",
|
|
6898
7315
|
"x-f5xc-minimum-configuration": {
|
|
6899
7316
|
"description": "Minimum configuration for logFieldSubAggregationData",
|
|
6900
7317
|
"required_fields": [
|
|
@@ -6923,6 +7340,7 @@
|
|
|
6923
7340
|
"description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
|
|
6924
7341
|
"title": "Count",
|
|
6925
7342
|
"format": "uint64",
|
|
7343
|
+
"x-f5xc-example": "42",
|
|
6926
7344
|
"minLength": 0,
|
|
6927
7345
|
"maxLength": 1024,
|
|
6928
7346
|
"x-f5xc-required-for": {
|
|
@@ -6937,6 +7355,7 @@
|
|
|
6937
7355
|
"description": "X-displayName: \"Key\"\nKey contain the name/value pair that identifies the unique key fields.",
|
|
6938
7356
|
"title": "Keys",
|
|
6939
7357
|
"x-f5xc-example": "HIT, MISS, REVALIDATED",
|
|
7358
|
+
"x-f5xc-description-short": "X-displayName: \"Key\" Key contain the name/value pair that identifies the unique key fields.",
|
|
6940
7359
|
"minLength": 0,
|
|
6941
7360
|
"maxLength": 16,
|
|
6942
7361
|
"x-f5xc-required-for": {
|
|
@@ -6947,9 +7366,11 @@
|
|
|
6947
7366
|
},
|
|
6948
7367
|
"x-original-maxLength": 1024,
|
|
6949
7368
|
"x-reconciled-from-discovery": true,
|
|
6950
|
-
"x-reconciled-at": "2026-01-
|
|
7369
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793459+00:00"
|
|
6951
7370
|
}
|
|
6952
7371
|
},
|
|
7372
|
+
"x-f5xc-description-short": "X-displayName: \"Field Sub Field Aggregation Bucket\" Field sub aggregation bucket containing field values and the number of logs.",
|
|
7373
|
+
"x-f5xc-description-medium": "X-displayName: \"Field Sub Field Aggregation Bucket\" Field sub aggregation bucket containing field values and the number of logs.",
|
|
6953
7374
|
"x-f5xc-minimum-configuration": {
|
|
6954
7375
|
"description": "Minimum configuration for logFieldSubFieldAggregationBucket",
|
|
6955
7376
|
"required_fields": [
|
|
@@ -6975,6 +7396,7 @@
|
|
|
6975
7396
|
"items": {
|
|
6976
7397
|
"$ref": "#/components/schemas/logFieldSubFieldAggregationBucket"
|
|
6977
7398
|
},
|
|
7399
|
+
"x-f5xc-description-short": "X-displayName: \"Buckets\" Lists of buckets containing field value and the corresponding log count.",
|
|
6978
7400
|
"x-f5xc-required-for": {
|
|
6979
7401
|
"minimum_config": false,
|
|
6980
7402
|
"create": false,
|
|
@@ -6983,6 +7405,7 @@
|
|
|
6983
7405
|
}
|
|
6984
7406
|
}
|
|
6985
7407
|
},
|
|
7408
|
+
"x-f5xc-description-short": "X-displayName: \"Field Sub Field Aggregation Data\" Field Aggregation data as Field Sub-aggregation.",
|
|
6986
7409
|
"x-f5xc-minimum-configuration": {
|
|
6987
7410
|
"description": "Minimum configuration for logFieldSubFieldAggregationData",
|
|
6988
7411
|
"required_fields": [
|
|
@@ -7005,6 +7428,7 @@
|
|
|
7005
7428
|
"description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
|
|
7006
7429
|
"title": "Count",
|
|
7007
7430
|
"format": "uint64",
|
|
7431
|
+
"x-f5xc-example": "42",
|
|
7008
7432
|
"minLength": 0,
|
|
7009
7433
|
"maxLength": 1024,
|
|
7010
7434
|
"x-f5xc-required-for": {
|
|
@@ -7018,6 +7442,7 @@
|
|
|
7018
7442
|
"type": "object",
|
|
7019
7443
|
"description": "X-displayName: \"Sub Aggregation\"\nSub aggregation data for the filter aggregation.",
|
|
7020
7444
|
"title": "Sub aggregation.",
|
|
7445
|
+
"x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" Sub aggregation data for the filter aggregation.",
|
|
7021
7446
|
"x-f5xc-required-for": {
|
|
7022
7447
|
"minimum_config": false,
|
|
7023
7448
|
"create": false,
|
|
@@ -7026,6 +7451,7 @@
|
|
|
7026
7451
|
}
|
|
7027
7452
|
}
|
|
7028
7453
|
},
|
|
7454
|
+
"x-f5xc-description-short": "X-displayName: \"Filter Aggregation Data\" Filter Aggregation Data.",
|
|
7029
7455
|
"x-f5xc-minimum-configuration": {
|
|
7030
7456
|
"description": "Minimum configuration for logFilterAggregationData",
|
|
7031
7457
|
"required_fields": [
|
|
@@ -7051,6 +7477,7 @@
|
|
|
7051
7477
|
"items": {
|
|
7052
7478
|
"$ref": "#/components/schemas/logFilterSubFieldAggregationBucket"
|
|
7053
7479
|
},
|
|
7480
|
+
"x-f5xc-description-short": "X-displayName: \"Buckets\" Lists of buckets containing field value and the corresponding log count.",
|
|
7054
7481
|
"x-f5xc-required-for": {
|
|
7055
7482
|
"minimum_config": false,
|
|
7056
7483
|
"create": false,
|
|
@@ -7059,6 +7486,7 @@
|
|
|
7059
7486
|
}
|
|
7060
7487
|
}
|
|
7061
7488
|
},
|
|
7489
|
+
"x-f5xc-description-short": "X-displayName: \"FilterSubAggregation\" Filter subaggregation data.",
|
|
7062
7490
|
"x-f5xc-minimum-configuration": {
|
|
7063
7491
|
"description": "Minimum configuration for logFilterSubAggregationData",
|
|
7064
7492
|
"required_fields": [
|
|
@@ -7081,6 +7509,7 @@
|
|
|
7081
7509
|
"description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
|
|
7082
7510
|
"title": "Count",
|
|
7083
7511
|
"format": "uint64",
|
|
7512
|
+
"x-f5xc-example": "42",
|
|
7084
7513
|
"minLength": 0,
|
|
7085
7514
|
"maxLength": 1024,
|
|
7086
7515
|
"x-f5xc-required-for": {
|
|
@@ -7095,6 +7524,7 @@
|
|
|
7095
7524
|
"description": "X-displayName: \"Key\"\nKey contain the name/value pair that identifies the unique key fields.",
|
|
7096
7525
|
"title": "Keys",
|
|
7097
7526
|
"x-f5xc-example": "HIT, MISS, REVALIDATED",
|
|
7527
|
+
"x-f5xc-description-short": "X-displayName: \"Key\" Key contain the name/value pair that identifies the unique key fields.",
|
|
7098
7528
|
"minLength": 0,
|
|
7099
7529
|
"maxLength": 16,
|
|
7100
7530
|
"x-f5xc-required-for": {
|
|
@@ -7105,12 +7535,13 @@
|
|
|
7105
7535
|
},
|
|
7106
7536
|
"x-original-maxLength": 1024,
|
|
7107
7537
|
"x-reconciled-from-discovery": true,
|
|
7108
|
-
"x-reconciled-at": "2026-01-
|
|
7538
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793472+00:00"
|
|
7109
7539
|
},
|
|
7110
7540
|
"sub_aggs": {
|
|
7111
7541
|
"type": "object",
|
|
7112
7542
|
"description": "X-displayName: \"Sub Aggregation\"\nSub aggregation data for the filter aggregation.",
|
|
7113
7543
|
"title": "Sub aggregation.",
|
|
7544
|
+
"x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" Sub aggregation data for the filter aggregation.",
|
|
7114
7545
|
"x-f5xc-required-for": {
|
|
7115
7546
|
"minimum_config": false,
|
|
7116
7547
|
"create": false,
|
|
@@ -7119,6 +7550,8 @@
|
|
|
7119
7550
|
}
|
|
7120
7551
|
}
|
|
7121
7552
|
},
|
|
7553
|
+
"x-f5xc-description-short": "X-displayName: \"Filter Sub Field Aggregation Bucket\" Field sub aggregation bucket containing field values and the number of logs.",
|
|
7554
|
+
"x-f5xc-description-medium": "X-displayName: \"Filter Sub Field Aggregation Bucket\" Field sub aggregation bucket containing field values and the number of logs.",
|
|
7122
7555
|
"x-f5xc-minimum-configuration": {
|
|
7123
7556
|
"description": "Minimum configuration for logFilterSubFieldAggregationBucket",
|
|
7124
7557
|
"required_fields": [
|
|
@@ -7169,6 +7602,7 @@
|
|
|
7169
7602
|
"$ref": "#/components/schemas/logMultiFilterAggregationData"
|
|
7170
7603
|
}
|
|
7171
7604
|
},
|
|
7605
|
+
"x-f5xc-description-short": "X-displayName: \"Log Aggregation\" Log aggregation response data.",
|
|
7172
7606
|
"x-f5xc-minimum-configuration": {
|
|
7173
7607
|
"description": "Minimum configuration for logLogAggregationData",
|
|
7174
7608
|
"required_fields": [
|
|
@@ -7209,9 +7643,10 @@
|
|
|
7209
7643
|
"maxLength": 15,
|
|
7210
7644
|
"minLength": 3,
|
|
7211
7645
|
"x-reconciled-from-discovery": true,
|
|
7212
|
-
"x-reconciled-at": "2026-01-
|
|
7646
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793489+00:00"
|
|
7213
7647
|
}
|
|
7214
7648
|
},
|
|
7649
|
+
"x-f5xc-description-short": "X-displayName: \"Max Aggregation Data\" Max Aggregation data.",
|
|
7215
7650
|
"x-f5xc-minimum-configuration": {
|
|
7216
7651
|
"description": "Minimum configuration for logMaxAggregationData",
|
|
7217
7652
|
"required_fields": [
|
|
@@ -7233,6 +7668,7 @@
|
|
|
7233
7668
|
"$ref": "#/components/schemas/logPercentileAggregationData"
|
|
7234
7669
|
}
|
|
7235
7670
|
},
|
|
7671
|
+
"x-f5xc-description-short": "X-displayName: \"Metrics Aggregation\" Metrics aggregation data.",
|
|
7236
7672
|
"x-f5xc-minimum-configuration": {
|
|
7237
7673
|
"description": "Minimum configuration for logMetricsAggregationData",
|
|
7238
7674
|
"required_fields": [
|
|
@@ -7264,9 +7700,10 @@
|
|
|
7264
7700
|
"maxLength": 15,
|
|
7265
7701
|
"minLength": 3,
|
|
7266
7702
|
"x-reconciled-from-discovery": true,
|
|
7267
|
-
"x-reconciled-at": "2026-01-
|
|
7703
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793496+00:00"
|
|
7268
7704
|
}
|
|
7269
7705
|
},
|
|
7706
|
+
"x-f5xc-description-short": "X-displayName: \"Min Aggregation Data\" Min Aggregation data.",
|
|
7270
7707
|
"x-f5xc-minimum-configuration": {
|
|
7271
7708
|
"description": "Minimum configuration for logMinAggregationData",
|
|
7272
7709
|
"required_fields": [
|
|
@@ -7289,6 +7726,7 @@
|
|
|
7289
7726
|
"description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
|
|
7290
7727
|
"title": "Count",
|
|
7291
7728
|
"format": "uint64",
|
|
7729
|
+
"x-f5xc-example": "42",
|
|
7292
7730
|
"minLength": 0,
|
|
7293
7731
|
"maxLength": 1024,
|
|
7294
7732
|
"x-f5xc-required-for": {
|
|
@@ -7303,6 +7741,8 @@
|
|
|
7303
7741
|
"description": "X-displayName: \"Keys\"\nKeys contain the name/value pair that identifies the unique combination of multiple key fields\nSRC_IP\": \"10.10.10.1\", \"COUNTRY\": \"US\"}\"",
|
|
7304
7742
|
"title": "Keys",
|
|
7305
7743
|
"x-f5xc-example": "{",
|
|
7744
|
+
"x-f5xc-description-short": "X-displayName: \"Keys\" Keys contain the name/value pair that identifies the unique combination of multiple key fields SRC_IP\": \"10.10.10.1\"...",
|
|
7745
|
+
"x-f5xc-description-medium": "X-displayName: \"Keys\" Keys contain the name/value pair that identifies the unique combination of multiple key fields SRC_IP\": \"10.10.10.1\", \"COUNTRY\": \"US\"}\".",
|
|
7306
7746
|
"x-f5xc-required-for": {
|
|
7307
7747
|
"minimum_config": false,
|
|
7308
7748
|
"create": false,
|
|
@@ -7317,6 +7757,7 @@
|
|
|
7317
7757
|
"type": "object",
|
|
7318
7758
|
"description": "X-displayName: \"Sub Aggregation\"\nSub aggregation data for the multi field aggregation bucket.",
|
|
7319
7759
|
"title": "Sub aggregation.",
|
|
7760
|
+
"x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" Sub aggregation data for the multi field aggregation bucket.",
|
|
7320
7761
|
"x-f5xc-required-for": {
|
|
7321
7762
|
"minimum_config": false,
|
|
7322
7763
|
"create": false,
|
|
@@ -7325,6 +7766,8 @@
|
|
|
7325
7766
|
}
|
|
7326
7767
|
}
|
|
7327
7768
|
},
|
|
7769
|
+
"x-f5xc-description-short": "X-displayName: \"Multi-Field Aggregation Bucket\" Multi-Field aggregation bucket containing field values and the number of logs.",
|
|
7770
|
+
"x-f5xc-description-medium": "X-displayName: \"Multi-Field Aggregation Bucket\" Multi-Field aggregation bucket containing field values and the number of logs.",
|
|
7328
7771
|
"x-f5xc-minimum-configuration": {
|
|
7329
7772
|
"description": "Minimum configuration for logMultiFieldAggregationBucket",
|
|
7330
7773
|
"required_fields": [
|
|
@@ -7352,6 +7795,7 @@
|
|
|
7352
7795
|
"items": {
|
|
7353
7796
|
"$ref": "#/components/schemas/logMultiFieldAggregationBucket"
|
|
7354
7797
|
},
|
|
7798
|
+
"x-f5xc-description-short": "X-displayName: \"Buckets\" Lists of buckets containing field values and the corresponding log count.",
|
|
7355
7799
|
"x-f5xc-required-for": {
|
|
7356
7800
|
"minimum_config": false,
|
|
7357
7801
|
"create": false,
|
|
@@ -7360,6 +7804,7 @@
|
|
|
7360
7804
|
}
|
|
7361
7805
|
}
|
|
7362
7806
|
},
|
|
7807
|
+
"x-f5xc-description-short": "X-displayName: \"Multi-Field Aggregation Data\" Multi-Field Aggregation data.",
|
|
7363
7808
|
"x-f5xc-minimum-configuration": {
|
|
7364
7809
|
"description": "Minimum configuration for logMultiFieldAggregationData",
|
|
7365
7810
|
"required_fields": [
|
|
@@ -7393,6 +7838,7 @@
|
|
|
7393
7838
|
"$ref": "#/components/schemas/logTopHitsAggregationData"
|
|
7394
7839
|
}
|
|
7395
7840
|
},
|
|
7841
|
+
"x-f5xc-description-short": "X-displayName: \"Multi Field SubAggregation\" Field subaggregation data.",
|
|
7396
7842
|
"x-f5xc-minimum-configuration": {
|
|
7397
7843
|
"description": "Minimum configuration for logMultiFieldSubAggregationData",
|
|
7398
7844
|
"required_fields": [
|
|
@@ -7419,6 +7865,7 @@
|
|
|
7419
7865
|
"description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
|
|
7420
7866
|
"title": "Count",
|
|
7421
7867
|
"format": "uint64",
|
|
7868
|
+
"x-f5xc-example": "42",
|
|
7422
7869
|
"minLength": 0,
|
|
7423
7870
|
"maxLength": 1024,
|
|
7424
7871
|
"x-f5xc-required-for": {
|
|
@@ -7429,6 +7876,7 @@
|
|
|
7429
7876
|
}
|
|
7430
7877
|
}
|
|
7431
7878
|
},
|
|
7879
|
+
"x-f5xc-description-short": "X-displayName: \"Multi Filter Aggregation Data\" Multi Filter Aggregation data.",
|
|
7432
7880
|
"x-f5xc-minimum-configuration": {
|
|
7433
7881
|
"description": "Minimum configuration for logMultiFilterAggregationData",
|
|
7434
7882
|
"required_fields": [
|
|
@@ -7450,6 +7898,7 @@
|
|
|
7450
7898
|
"$ref": "#/components/schemas/logMetricsAggregationData"
|
|
7451
7899
|
}
|
|
7452
7900
|
},
|
|
7901
|
+
"x-f5xc-description-short": "X-displayName: \"Order by Data\" Order by data.",
|
|
7453
7902
|
"x-f5xc-minimum-configuration": {
|
|
7454
7903
|
"description": "Minimum configuration for logOrderByData",
|
|
7455
7904
|
"required_fields": [
|
|
@@ -7472,6 +7921,7 @@
|
|
|
7472
7921
|
"description": "X-displayName: \"Key\"\nx-example: 99.0.",
|
|
7473
7922
|
"title": "Key",
|
|
7474
7923
|
"format": "double",
|
|
7924
|
+
"x-f5xc-example": "[REDACTED_PUBLIC_KEY]",
|
|
7475
7925
|
"x-f5xc-required-for": {
|
|
7476
7926
|
"minimum_config": false,
|
|
7477
7927
|
"create": false,
|
|
@@ -7481,7 +7931,7 @@
|
|
|
7481
7931
|
"maxLength": 16,
|
|
7482
7932
|
"minLength": 7,
|
|
7483
7933
|
"x-reconciled-from-discovery": true,
|
|
7484
|
-
"x-reconciled-at": "2026-01-
|
|
7934
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793530+00:00"
|
|
7485
7935
|
},
|
|
7486
7936
|
"value": {
|
|
7487
7937
|
"type": "number",
|
|
@@ -7497,9 +7947,10 @@
|
|
|
7497
7947
|
"maxLength": 15,
|
|
7498
7948
|
"minLength": 3,
|
|
7499
7949
|
"x-reconciled-from-discovery": true,
|
|
7500
|
-
"x-reconciled-at": "2026-01-
|
|
7950
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793535+00:00"
|
|
7501
7951
|
}
|
|
7502
7952
|
},
|
|
7953
|
+
"x-f5xc-description-short": "X-displayName: \"Percentile Aggregation Data\" Percentile Aggregation data.",
|
|
7503
7954
|
"x-f5xc-minimum-configuration": {
|
|
7504
7955
|
"description": "Minimum configuration for logPercentileAggregationData",
|
|
7505
7956
|
"required_fields": [
|
|
@@ -7523,6 +7974,7 @@
|
|
|
7523
7974
|
"description": "X-displayName: \"Count\"\nx-example: 100\nCount of top hit values.",
|
|
7524
7975
|
"title": "Count",
|
|
7525
7976
|
"format": "uint64",
|
|
7977
|
+
"x-f5xc-example": "42",
|
|
7526
7978
|
"minLength": 0,
|
|
7527
7979
|
"maxLength": 1024,
|
|
7528
7980
|
"x-f5xc-required-for": {
|
|
@@ -7539,6 +7991,7 @@
|
|
|
7539
7991
|
"items": {
|
|
7540
7992
|
"type": "string"
|
|
7541
7993
|
},
|
|
7994
|
+
"x-f5xc-description-short": "X-displayName: \"Documents\" document values.",
|
|
7542
7995
|
"x-f5xc-required-for": {
|
|
7543
7996
|
"minimum_config": false,
|
|
7544
7997
|
"create": false,
|
|
@@ -7547,6 +8000,7 @@
|
|
|
7547
8000
|
}
|
|
7548
8001
|
}
|
|
7549
8002
|
},
|
|
8003
|
+
"x-f5xc-description-short": "X-displayName: \"TopHits Aggregation Data\" Top Hits Aggregation Data.",
|
|
7550
8004
|
"x-f5xc-minimum-configuration": {
|
|
7551
8005
|
"description": "Minimum configuration for logTopHitsAggregationData",
|
|
7552
8006
|
"required_fields": [
|
|
@@ -7586,6 +8040,7 @@
|
|
|
7586
8040
|
}
|
|
7587
8041
|
}
|
|
7588
8042
|
},
|
|
8043
|
+
"x-f5xc-description-short": "SecurityEventsCounter contains the timeseries data of security events counter.",
|
|
7589
8044
|
"x-f5xc-minimum-configuration": {
|
|
7590
8045
|
"description": "Minimum configuration for metricsSecurityEventsCounter",
|
|
7591
8046
|
"required_fields": [
|
|
@@ -7613,6 +8068,7 @@
|
|
|
7613
8068
|
"x-displayname": "Namespace",
|
|
7614
8069
|
"x-ves-example": "Blogging-app-namespace-1.",
|
|
7615
8070
|
"x-f5xc-example": "blogging-app-namespace-1",
|
|
8071
|
+
"x-f5xc-description-short": "Namespace for which the security event was generated.",
|
|
7616
8072
|
"minLength": 0,
|
|
7617
8073
|
"maxLength": 6,
|
|
7618
8074
|
"x-f5xc-required-for": {
|
|
@@ -7623,11 +8079,11 @@
|
|
|
7623
8079
|
},
|
|
7624
8080
|
"x-original-maxLength": 1024,
|
|
7625
8081
|
"x-reconciled-from-discovery": true,
|
|
7626
|
-
"x-reconciled-at": "2026-01-
|
|
8082
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793546+00:00"
|
|
7627
8083
|
},
|
|
7628
8084
|
"sec_event_type": {
|
|
7629
8085
|
"type": "string",
|
|
7630
|
-
"description": "",
|
|
8086
|
+
"description": "Event or occurrence data",
|
|
7631
8087
|
"title": "Security Event Type.",
|
|
7632
8088
|
"x-displayname": "Security Event Type.",
|
|
7633
8089
|
"x-ves-example": "WAF",
|
|
@@ -7643,7 +8099,7 @@
|
|
|
7643
8099
|
},
|
|
7644
8100
|
"src_instance": {
|
|
7645
8101
|
"type": "string",
|
|
7646
|
-
"description": "",
|
|
8102
|
+
"description": "Instance or deployment identifier",
|
|
7647
8103
|
"title": "Source Instance.",
|
|
7648
8104
|
"x-displayname": "Source Instance.",
|
|
7649
8105
|
"x-ves-example": "IN",
|
|
@@ -7659,7 +8115,7 @@
|
|
|
7659
8115
|
},
|
|
7660
8116
|
"src_site": {
|
|
7661
8117
|
"type": "string",
|
|
7662
|
-
"description": "",
|
|
8118
|
+
"description": "Site or location identifier",
|
|
7663
8119
|
"title": "Source Site.",
|
|
7664
8120
|
"x-displayname": "Source Site.",
|
|
7665
8121
|
"x-ves-example": "Greatblogs-CE.",
|
|
@@ -7675,7 +8131,7 @@
|
|
|
7675
8131
|
},
|
|
7676
8132
|
"vh_name": {
|
|
7677
8133
|
"type": "string",
|
|
7678
|
-
"description": "",
|
|
8134
|
+
"description": "Human-readable name for the resource",
|
|
7679
8135
|
"title": "Virtual Host.",
|
|
7680
8136
|
"x-displayname": "Virtual Host.",
|
|
7681
8137
|
"x-ves-example": "Greatblogs-vhost.",
|
|
@@ -7690,6 +8146,8 @@
|
|
|
7690
8146
|
}
|
|
7691
8147
|
}
|
|
7692
8148
|
},
|
|
8149
|
+
"x-f5xc-description-short": "SecurityEventsId uniquely identifies an entry in the response for security events metrics query.",
|
|
8150
|
+
"x-f5xc-description-medium": "SecurityEventsId uniquely identifies an entry in the response for security events metrics query. Security events counter is aggregated based on the MetricLabel specified in the group_by field in the request. Therefore, only the fields that corresponds to the MetricLabel in the group_by will have...",
|
|
7693
8151
|
"x-f5xc-minimum-configuration": {
|
|
7694
8152
|
"description": "Minimum configuration for metricsSecurityEventsId",
|
|
7695
8153
|
"required_fields": [
|
|
@@ -7719,6 +8177,8 @@
|
|
|
7719
8177
|
"default": "NAMESPACE",
|
|
7720
8178
|
"x-displayname": "Security Events Metric Labels.",
|
|
7721
8179
|
"x-ves-proto-enum": "ves.io.schema.app_security.metrics.SecurityMetricLabel",
|
|
8180
|
+
"x-f5xc-description-short": "Labels in the security events metrics. Security events metric can be sliced and diced based on one or more labels listed below.",
|
|
8181
|
+
"x-f5xc-description-medium": "Labels in the security events metrics. Security events metric can be sliced and diced based on one or more labels listed below.",
|
|
7722
8182
|
"x-f5xc-minimum-configuration": {
|
|
7723
8183
|
"description": "Minimum configuration for metricsSecurityMetricLabel",
|
|
7724
8184
|
"required_fields": [],
|
|
@@ -7758,9 +8218,11 @@
|
|
|
7758
8218
|
},
|
|
7759
8219
|
"x-original-maxLength": 1024,
|
|
7760
8220
|
"x-reconciled-from-discovery": true,
|
|
7761
|
-
"x-reconciled-at": "2026-01-
|
|
8221
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793559+00:00"
|
|
7762
8222
|
}
|
|
7763
8223
|
},
|
|
8224
|
+
"x-f5xc-description-short": "Label based filtering for Security Events metrics. Security Events metrics are tagged with labels mentioned in MetricLabel.",
|
|
8225
|
+
"x-f5xc-description-medium": "Label based filtering for Security Events metrics. Security Events metrics are tagged with labels mentioned in MetricLabel. Metric label filter can be specified to query specific metrics based on label match.",
|
|
7764
8226
|
"x-f5xc-minimum-configuration": {
|
|
7765
8227
|
"description": "Minimum configuration for metricsSecurityMetricLabelFilter",
|
|
7766
8228
|
"required_fields": [
|
|
@@ -7786,6 +8248,7 @@
|
|
|
7786
8248
|
"default": "EQ",
|
|
7787
8249
|
"x-displayname": "Security Events Metric Label Operator.",
|
|
7788
8250
|
"x-ves-proto-enum": "ves.io.schema.app_security.metrics.SecurityMetricLabelOp",
|
|
8251
|
+
"x-f5xc-description-short": "The operator to use when querying Security Events metrics with labels.",
|
|
7789
8252
|
"x-f5xc-minimum-configuration": {
|
|
7790
8253
|
"description": "Minimum configuration for metricsSecurityMetricLabelOp",
|
|
7791
8254
|
"required_fields": [],
|
|
@@ -7820,7 +8283,7 @@
|
|
|
7820
8283
|
},
|
|
7821
8284
|
"value": {
|
|
7822
8285
|
"type": "string",
|
|
7823
|
-
"description": "
|
|
8286
|
+
"description": "Configuration parameter for value",
|
|
7824
8287
|
"title": "Value",
|
|
7825
8288
|
"x-displayname": "Value",
|
|
7826
8289
|
"x-ves-example": "15",
|
|
@@ -7835,9 +8298,10 @@
|
|
|
7835
8298
|
},
|
|
7836
8299
|
"x-original-maxLength": 1024,
|
|
7837
8300
|
"x-reconciled-from-discovery": true,
|
|
7838
|
-
"x-reconciled-at": "2026-01-
|
|
8301
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793565+00:00"
|
|
7839
8302
|
}
|
|
7840
8303
|
},
|
|
8304
|
+
"x-f5xc-description-short": "Value returned for a Security Events Metrics query.",
|
|
7841
8305
|
"x-f5xc-minimum-configuration": {
|
|
7842
8306
|
"description": "Minimum configuration for metricsSecurityMetricValue",
|
|
7843
8307
|
"required_fields": [
|
|
@@ -7875,6 +8339,8 @@
|
|
|
7875
8339
|
"x-validation-rules": {
|
|
7876
8340
|
"ves.io.schema.rules.string.max_len": "128"
|
|
7877
8341
|
},
|
|
8342
|
+
"x-f5xc-description-short": "Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check.",
|
|
8343
|
+
"x-f5xc-description-medium": "Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*).",
|
|
7878
8344
|
"minLength": 0,
|
|
7879
8345
|
"x-f5xc-required-for": {
|
|
7880
8346
|
"minimum_config": false,
|
|
@@ -7887,6 +8353,7 @@
|
|
|
7887
8353
|
"$ref": "#/components/schemas/app_firewallAttackType"
|
|
7888
8354
|
}
|
|
7889
8355
|
},
|
|
8356
|
+
"x-f5xc-description-short": "App Firewall Attack Type context changes to be applied for this request.",
|
|
7890
8357
|
"x-f5xc-minimum-configuration": {
|
|
7891
8358
|
"description": "Minimum configuration for policyAppFirewallAttackTypeContext",
|
|
7892
8359
|
"required_fields": [
|
|
@@ -7925,6 +8392,7 @@
|
|
|
7925
8392
|
"ves.io.schema.rules.repeated.max_items": "64",
|
|
7926
8393
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
7927
8394
|
},
|
|
8395
|
+
"x-f5xc-description-short": "Attack Types to be excluded for the defined match criteria.",
|
|
7928
8396
|
"x-f5xc-required-for": {
|
|
7929
8397
|
"minimum_config": false,
|
|
7930
8398
|
"create": false,
|
|
@@ -7949,6 +8417,8 @@
|
|
|
7949
8417
|
"ves.io.schema.rules.repeated.max_items": "64",
|
|
7950
8418
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
7951
8419
|
},
|
|
8420
|
+
"x-f5xc-example": "example-resource",
|
|
8421
|
+
"x-f5xc-description-short": "Bot Names to be excluded for the defined match criteria.",
|
|
7952
8422
|
"x-f5xc-required-for": {
|
|
7953
8423
|
"minimum_config": false,
|
|
7954
8424
|
"create": false,
|
|
@@ -7973,6 +8443,7 @@
|
|
|
7973
8443
|
"ves.io.schema.rules.repeated.max_items": "1024",
|
|
7974
8444
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
7975
8445
|
},
|
|
8446
|
+
"x-f5xc-description-short": "Signature IDs to be excluded for the defined match criteria.",
|
|
7976
8447
|
"x-f5xc-required-for": {
|
|
7977
8448
|
"minimum_config": false,
|
|
7978
8449
|
"create": false,
|
|
@@ -7997,6 +8468,7 @@
|
|
|
7997
8468
|
"ves.io.schema.rules.repeated.max_items": "64",
|
|
7998
8469
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
7999
8470
|
},
|
|
8471
|
+
"x-f5xc-description-short": "Violations to be excluded for the defined match criteria.",
|
|
8000
8472
|
"x-f5xc-required-for": {
|
|
8001
8473
|
"minimum_config": false,
|
|
8002
8474
|
"create": false,
|
|
@@ -8005,6 +8477,8 @@
|
|
|
8005
8477
|
}
|
|
8006
8478
|
}
|
|
8007
8479
|
},
|
|
8480
|
+
"x-f5xc-description-short": "Define the list of Signature IDs, Violations, Attack Types and Bot Names that should be excluded from triggering on the defined match criteria.",
|
|
8481
|
+
"x-f5xc-description-medium": "Define the list of Signature IDs, Violations, Attack Types and Bot Names that should be excluded from triggering on the defined match criteria.",
|
|
8008
8482
|
"x-f5xc-minimum-configuration": {
|
|
8009
8483
|
"description": "Minimum configuration for policyAppFirewallDetectionControl",
|
|
8010
8484
|
"required_fields": [
|
|
@@ -8044,6 +8518,8 @@
|
|
|
8044
8518
|
"x-validation-rules": {
|
|
8045
8519
|
"ves.io.schema.rules.string.max_len": "128"
|
|
8046
8520
|
},
|
|
8521
|
+
"x-f5xc-description-short": "Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check.",
|
|
8522
|
+
"x-f5xc-description-medium": "Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*).",
|
|
8047
8523
|
"minLength": 0,
|
|
8048
8524
|
"x-f5xc-required-for": {
|
|
8049
8525
|
"minimum_config": false,
|
|
@@ -8071,6 +8547,8 @@
|
|
|
8071
8547
|
"ves.io.schema.rules.uint32.gte": "0",
|
|
8072
8548
|
"ves.io.schema.rules.uint32.lte": "299999999"
|
|
8073
8549
|
},
|
|
8550
|
+
"x-f5xc-description-short": "The allowed values for signature ID are 0 and in the range of 200000001-299999999. 0 implies that all signatures will be excluded for the...",
|
|
8551
|
+
"x-f5xc-description-medium": "The allowed values for signature ID are 0 and in the range of 200000001-299999999. 0 implies that all signatures will be excluded for the specified context. Required: YES.",
|
|
8074
8552
|
"minimum": 0,
|
|
8075
8553
|
"maximum": 2147483647,
|
|
8076
8554
|
"x-f5xc-required-for": {
|
|
@@ -8082,6 +8560,7 @@
|
|
|
8082
8560
|
"x-field-mutability": "read-only"
|
|
8083
8561
|
}
|
|
8084
8562
|
},
|
|
8563
|
+
"x-f5xc-description-short": "App Firewall signature context changes to be applied for this request.",
|
|
8085
8564
|
"x-f5xc-minimum-configuration": {
|
|
8086
8565
|
"description": "Minimum configuration for policyAppFirewallSignatureContext",
|
|
8087
8566
|
"required_fields": [
|
|
@@ -8120,6 +8599,8 @@
|
|
|
8120
8599
|
"x-validation-rules": {
|
|
8121
8600
|
"ves.io.schema.rules.string.max_len": "128"
|
|
8122
8601
|
},
|
|
8602
|
+
"x-f5xc-description-short": "Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check.",
|
|
8603
|
+
"x-f5xc-description-medium": "Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*).",
|
|
8123
8604
|
"minLength": 0,
|
|
8124
8605
|
"x-f5xc-required-for": {
|
|
8125
8606
|
"minimum_config": false,
|
|
@@ -8132,6 +8613,7 @@
|
|
|
8132
8613
|
"$ref": "#/components/schemas/app_firewallAppFirewallViolationType"
|
|
8133
8614
|
}
|
|
8134
8615
|
},
|
|
8616
|
+
"x-f5xc-description-short": "App Firewall violation context changes to be applied for this request.",
|
|
8135
8617
|
"x-f5xc-minimum-configuration": {
|
|
8136
8618
|
"description": "Minimum configuration for policyAppFirewallViolationContext",
|
|
8137
8619
|
"required_fields": [
|
|
@@ -8179,6 +8661,8 @@
|
|
|
8179
8661
|
"ves.io.schema.rules.repeated.min_items": "1",
|
|
8180
8662
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
8181
8663
|
},
|
|
8664
|
+
"x-f5xc-description-short": "Unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy.",
|
|
8665
|
+
"x-f5xc-description-medium": "Unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy. It can be used to create the allow list only for DNS Load Balancer. Required: YES.",
|
|
8182
8666
|
"x-f5xc-required-for": {
|
|
8183
8667
|
"minimum_config": false,
|
|
8184
8668
|
"create": false,
|
|
@@ -8187,6 +8671,8 @@
|
|
|
8187
8671
|
}
|
|
8188
8672
|
}
|
|
8189
8673
|
},
|
|
8674
|
+
"x-f5xc-description-short": "Unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy.",
|
|
8675
|
+
"x-f5xc-description-medium": "Unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy. It can be used to create the allow list only for DNS Load Balancer.",
|
|
8190
8676
|
"x-f5xc-minimum-configuration": {
|
|
8191
8677
|
"description": "Minimum configuration for policyAsnMatchList",
|
|
8192
8678
|
"required_fields": [
|
|
@@ -8224,6 +8710,7 @@
|
|
|
8224
8710
|
"ves.io.schema.rules.message.required": "true",
|
|
8225
8711
|
"ves.io.schema.rules.repeated.max_items": "4"
|
|
8226
8712
|
},
|
|
8713
|
+
"x-f5xc-description-short": "List of references to bgp_asn_set objects. Required: YES.",
|
|
8227
8714
|
"x-f5xc-required-for": {
|
|
8228
8715
|
"minimum_config": false,
|
|
8229
8716
|
"create": false,
|
|
@@ -8232,6 +8719,7 @@
|
|
|
8232
8719
|
}
|
|
8233
8720
|
}
|
|
8234
8721
|
},
|
|
8722
|
+
"x-f5xc-description-short": "Match any AS number contained in the list of bgp_asn_sets.",
|
|
8235
8723
|
"x-f5xc-minimum-configuration": {
|
|
8236
8724
|
"description": "Minimum configuration for policyAsnMatcherType",
|
|
8237
8725
|
"required_fields": [
|
|
@@ -8275,6 +8763,7 @@
|
|
|
8275
8763
|
}
|
|
8276
8764
|
}
|
|
8277
8765
|
},
|
|
8766
|
+
"x-f5xc-description-short": "Specifies bot to be excluded by its name.",
|
|
8278
8767
|
"x-f5xc-minimum-configuration": {
|
|
8279
8768
|
"description": "Minimum configuration for policyBotNameContext",
|
|
8280
8769
|
"required_fields": [
|
|
@@ -8392,6 +8881,7 @@
|
|
|
8392
8881
|
"ves.io.schema.rules.message.required": "true",
|
|
8393
8882
|
"ves.io.schema.rules.string.max_bytes": "256"
|
|
8394
8883
|
},
|
|
8884
|
+
"x-f5xc-description-short": "Case-sensitive cookie name. Required: YES.",
|
|
8395
8885
|
"minLength": 0,
|
|
8396
8886
|
"x-f5xc-required-for": {
|
|
8397
8887
|
"minimum_config": false,
|
|
@@ -8401,9 +8891,11 @@
|
|
|
8401
8891
|
},
|
|
8402
8892
|
"x-original-maxLength": 256,
|
|
8403
8893
|
"x-reconciled-from-discovery": true,
|
|
8404
|
-
"x-reconciled-at": "2026-01-
|
|
8894
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793609+00:00"
|
|
8405
8895
|
}
|
|
8406
8896
|
},
|
|
8897
|
+
"x-f5xc-description-short": "Cookie matcher specifies the name of a single cookie and the criteria to match it.",
|
|
8898
|
+
"x-f5xc-description-medium": "Cookie matcher specifies the name of a single cookie and the criteria to match it. The input has a list of values for each cookie in the request. A cookie matcher can check for one of the following: * Presence or absence of the cookie * At least one of the values for the cookie in the request...",
|
|
8407
8899
|
"x-f5xc-minimum-configuration": {
|
|
8408
8900
|
"description": "Minimum configuration for policyCookieMatcherType",
|
|
8409
8901
|
"required_fields": [
|
|
@@ -8711,6 +9203,8 @@
|
|
|
8711
9203
|
"default": "CONTEXT_ANY",
|
|
8712
9204
|
"x-displayname": "WAF Exclusion Context OPTIONS.",
|
|
8713
9205
|
"x-ves-proto-enum": "ves.io.schema.policy.DetectionContext",
|
|
9206
|
+
"x-f5xc-description-short": "The available contexts for Exclusion rules. - CONTEXT_ANY: CONTEXT_ANY Detection will be excluded for all contexts. - CONTEXT_BODY: CONTEXT_BODY...",
|
|
9207
|
+
"x-f5xc-description-medium": "The available contexts for Exclusion rules. - CONTEXT_ANY: CONTEXT_ANY Detection will be excluded for all contexts. - CONTEXT_BODY: CONTEXT_BODY Detection will be excluded for the request body. - CONTEXT_REQUEST: CONTEXT_REQUEST Detection will be excluded for the request. - CONTEXT_RESPONSE...",
|
|
8714
9208
|
"x-f5xc-minimum-configuration": {
|
|
8715
9209
|
"description": "Minimum configuration for policyDetectionContext",
|
|
8716
9210
|
"required_fields": [],
|
|
@@ -8762,6 +9256,7 @@
|
|
|
8762
9256
|
"ves.io.schema.rules.repeated.max_items": "16",
|
|
8763
9257
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
8764
9258
|
},
|
|
9259
|
+
"x-f5xc-description-short": "List of methods values to match against.",
|
|
8765
9260
|
"x-f5xc-required-for": {
|
|
8766
9261
|
"minimum_config": false,
|
|
8767
9262
|
"create": false,
|
|
@@ -8770,6 +9265,8 @@
|
|
|
8770
9265
|
}
|
|
8771
9266
|
}
|
|
8772
9267
|
},
|
|
9268
|
+
"x-f5xc-description-short": "HTTP method matcher specifies a list of methods to match an input HTTP method.",
|
|
9269
|
+
"x-f5xc-description-medium": "HTTP method matcher specifies a list of methods to match an input HTTP method. The match is considered successful if the input method is a member of the list. The result of the match based on the method list is inverted if invert_matcher is true.",
|
|
8773
9270
|
"x-f5xc-minimum-configuration": {
|
|
8774
9271
|
"description": "Minimum configuration for policyHttpMethodMatcherType",
|
|
8775
9272
|
"required_fields": [
|
|
@@ -8804,6 +9301,8 @@
|
|
|
8804
9301
|
"default": "SPAM_SOURCES",
|
|
8805
9302
|
"x-displayname": "IP Threat Category.",
|
|
8806
9303
|
"x-ves-proto-enum": "ves.io.schema.policy.IPThreatCategory",
|
|
9304
|
+
"x-f5xc-description-short": "The IP threat categories to use when a policy based IP threat category is configured. - SPAM_SOURCES: SPAM_SOURCES - WINDOWS_EXPLOITS...",
|
|
9305
|
+
"x-f5xc-description-medium": "The IP threat categories to use when a policy based IP threat category is configured. - SPAM_SOURCES: SPAM_SOURCES - WINDOWS_EXPLOITS: WINDOWS_EXPLOITS - WEB_ATTACKS: WEB_ATTACKS - BOTNETS: BOTNETS - SCANNERS: SCANNERS - REPUTATION: REPUTATION - PHISHING: PHISHING - PROXY: PROXY ...",
|
|
8807
9306
|
"x-f5xc-minimum-configuration": {
|
|
8808
9307
|
"description": "Minimum configuration for policyIPThreatCategory",
|
|
8809
9308
|
"required_fields": [],
|
|
@@ -8852,6 +9351,7 @@
|
|
|
8852
9351
|
"ves.io.schema.rules.message.required": "true",
|
|
8853
9352
|
"ves.io.schema.rules.repeated.max_items": "4"
|
|
8854
9353
|
},
|
|
9354
|
+
"x-f5xc-description-short": "List of references to ip_prefix_set objects. Required: YES.",
|
|
8855
9355
|
"x-f5xc-required-for": {
|
|
8856
9356
|
"minimum_config": false,
|
|
8857
9357
|
"create": false,
|
|
@@ -8860,6 +9360,8 @@
|
|
|
8860
9360
|
}
|
|
8861
9361
|
}
|
|
8862
9362
|
},
|
|
9363
|
+
"x-f5xc-description-short": "Match any IP prefix contained in the list of ip_prefix_sets. The result of the match is inverted if invert_matcher is true.",
|
|
9364
|
+
"x-f5xc-description-medium": "Match any IP prefix contained in the list of ip_prefix_sets. The result of the match is inverted if invert_matcher is true.",
|
|
8863
9365
|
"x-f5xc-minimum-configuration": {
|
|
8864
9366
|
"description": "Minimum configuration for policyIpMatcherType",
|
|
8865
9367
|
"required_fields": [
|
|
@@ -8899,6 +9401,7 @@
|
|
|
8899
9401
|
"ves.io.schema.rules.repeated.max_items": "16",
|
|
8900
9402
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
8901
9403
|
},
|
|
9404
|
+
"x-f5xc-description-short": "List of exact JA4 TLS fingerprint to match the input JA4 TLS fingerprint against.",
|
|
8902
9405
|
"x-f5xc-required-for": {
|
|
8903
9406
|
"minimum_config": false,
|
|
8904
9407
|
"create": false,
|
|
@@ -8907,6 +9410,8 @@
|
|
|
8907
9410
|
}
|
|
8908
9411
|
}
|
|
8909
9412
|
},
|
|
9413
|
+
"x-f5xc-description-short": "Extended version of JA3 that includes additional fields for more comprehensive fingerprinting of SSL/TLS clients and potentially has a different...",
|
|
9414
|
+
"x-f5xc-description-medium": "Extended version of JA3 that includes additional fields for more comprehensive fingerprinting of SSL/TLS clients and potentially has a different structure and length.",
|
|
8910
9415
|
"x-f5xc-minimum-configuration": {
|
|
8911
9416
|
"description": "Minimum configuration for policyJA4TlsFingerprintMatcherType",
|
|
8912
9417
|
"required_fields": [
|
|
@@ -8976,9 +9481,11 @@
|
|
|
8976
9481
|
},
|
|
8977
9482
|
"x-original-maxLength": 256,
|
|
8978
9483
|
"x-reconciled-from-discovery": true,
|
|
8979
|
-
"x-reconciled-at": "2026-01-
|
|
9484
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793627+00:00"
|
|
8980
9485
|
}
|
|
8981
9486
|
},
|
|
9487
|
+
"x-f5xc-description-short": "JWT claim matcher specifies the name of a single JWT claim and the criteria for the input request to match it.",
|
|
9488
|
+
"x-f5xc-description-medium": "JWT claim matcher specifies the name of a single JWT claim and the criteria for the input request to match it. The input has a list of actual values for each JWT claim name in the JWT payload. A JWT claim matcher can check for one of the following: * Presence or absence of the JWT Claim in the...",
|
|
8982
9489
|
"x-f5xc-minimum-configuration": {
|
|
8983
9490
|
"description": "Minimum configuration for policyJWTClaimMatcherType",
|
|
8984
9491
|
"required_fields": [
|
|
@@ -9018,6 +9525,8 @@
|
|
|
9018
9525
|
"default": "TLS_FINGERPRINT_NONE",
|
|
9019
9526
|
"x-displayname": "TLS known fingerprint class.",
|
|
9020
9527
|
"x-ves-proto-enum": "ves.io.schema.policy.KnownTlsFingerprintClass",
|
|
9528
|
+
"x-f5xc-description-short": "Specifies known TLS fingerprint classes - TLS_FINGERPRINT_NONE: TLS_FINGERPRINT_NONE No TLS fingerprint - ANY_MALICIOUS_FINGERPRINT...",
|
|
9529
|
+
"x-f5xc-description-medium": "Specifies known TLS fingerprint classes - TLS_FINGERPRINT_NONE: TLS_FINGERPRINT_NONE No TLS fingerprint - ANY_MALICIOUS_FINGERPRINT: ANY_MALICIOUS_FINGERPRINT TLS fingerprints known to be associated with malicious clients - ADWARE: ADWARE TLS fingerprints known to be associated with adware ...",
|
|
9021
9530
|
"x-f5xc-minimum-configuration": {
|
|
9022
9531
|
"description": "Minimum configuration for policyKnownTlsFingerprintClass",
|
|
9023
9532
|
"required_fields": [],
|
|
@@ -9059,6 +9568,7 @@
|
|
|
9059
9568
|
"ves.io.schema.rules.repeated.max_items": "64",
|
|
9060
9569
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
9061
9570
|
},
|
|
9571
|
+
"x-f5xc-description-short": "List of exact values to match the input against.",
|
|
9062
9572
|
"x-f5xc-required-for": {
|
|
9063
9573
|
"minimum_config": false,
|
|
9064
9574
|
"create": false,
|
|
@@ -9092,6 +9602,7 @@
|
|
|
9092
9602
|
"ves.io.schema.rules.repeated.max_items": "16",
|
|
9093
9603
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
9094
9604
|
},
|
|
9605
|
+
"x-f5xc-description-short": "List of regular expressions to match the input against.",
|
|
9095
9606
|
"x-f5xc-required-for": {
|
|
9096
9607
|
"minimum_config": false,
|
|
9097
9608
|
"create": false,
|
|
@@ -9117,6 +9628,7 @@
|
|
|
9117
9628
|
"ves.io.schema.rules.repeated.max_items": "9",
|
|
9118
9629
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
9119
9630
|
},
|
|
9631
|
+
"x-f5xc-description-short": "Ordered list of transformers (starting from index 0) to be applied to the path before matching.",
|
|
9120
9632
|
"x-f5xc-required-for": {
|
|
9121
9633
|
"minimum_config": false,
|
|
9122
9634
|
"create": false,
|
|
@@ -9125,6 +9637,8 @@
|
|
|
9125
9637
|
}
|
|
9126
9638
|
}
|
|
9127
9639
|
},
|
|
9640
|
+
"x-f5xc-description-short": "Matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied.",
|
|
9641
|
+
"x-f5xc-description-medium": "Matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions.",
|
|
9128
9642
|
"x-f5xc-minimum-configuration": {
|
|
9129
9643
|
"description": "Minimum configuration for policyMatcherType",
|
|
9130
9644
|
"required_fields": [
|
|
@@ -9190,6 +9704,7 @@
|
|
|
9190
9704
|
}
|
|
9191
9705
|
}
|
|
9192
9706
|
},
|
|
9707
|
+
"x-f5xc-description-short": "List of IP Prefix strings to match against.",
|
|
9193
9708
|
"x-f5xc-minimum-configuration": {
|
|
9194
9709
|
"description": "Minimum configuration for policyPrefixMatchList",
|
|
9195
9710
|
"required_fields": [
|
|
@@ -9225,6 +9740,8 @@
|
|
|
9225
9740
|
"x-validation-rules": {
|
|
9226
9741
|
"ves.io.schema.rules.repeated.max_items": "16"
|
|
9227
9742
|
},
|
|
9743
|
+
"x-f5xc-description-short": "List of predicates for all cookies that need to be matched.",
|
|
9744
|
+
"x-f5xc-description-medium": "List of predicates for all cookies that need to be matched. The criteria for matching each cookie is described in individual instances of CookieMatcherType. The actual cookie values are extracted from the request API as a list of strings for each cookie name.",
|
|
9228
9745
|
"x-f5xc-required-for": {
|
|
9229
9746
|
"minimum_config": false,
|
|
9230
9747
|
"create": false,
|
|
@@ -9247,6 +9764,9 @@
|
|
|
9247
9764
|
"x-validation-rules": {
|
|
9248
9765
|
"ves.io.schema.rules.repeated.max_items": "16"
|
|
9249
9766
|
},
|
|
9767
|
+
"x-f5xc-example": "{\"key\": \"value\"}",
|
|
9768
|
+
"x-f5xc-description-short": "List of predicates for various HTTP headers that need to match.",
|
|
9769
|
+
"x-f5xc-description-medium": "List of predicates for various HTTP headers that need to match. The criteria for matching each HTTP header are described in individual HeaderMatcherType instances. The actual HTTP header values are extracted from the request API as a list of strings for each HTTP header type.",
|
|
9250
9770
|
"x-f5xc-required-for": {
|
|
9251
9771
|
"minimum_config": false,
|
|
9252
9772
|
"create": false,
|
|
@@ -9269,6 +9789,8 @@
|
|
|
9269
9789
|
"x-validation-rules": {
|
|
9270
9790
|
"ves.io.schema.rules.repeated.max_items": "16"
|
|
9271
9791
|
},
|
|
9792
|
+
"x-f5xc-description-short": "List of predicates for various JWT claims that need to match.",
|
|
9793
|
+
"x-f5xc-description-medium": "List of predicates for various JWT claims that need to match. The criteria for matching each JWT claim are described in individual JWTClaimMatcherType instances. The actual JWT claims values are extracted from the JWT payload as a list of strings.",
|
|
9272
9794
|
"x-f5xc-required-for": {
|
|
9273
9795
|
"minimum_config": false,
|
|
9274
9796
|
"create": false,
|
|
@@ -9291,6 +9813,8 @@
|
|
|
9291
9813
|
"x-validation-rules": {
|
|
9292
9814
|
"ves.io.schema.rules.repeated.max_items": "16"
|
|
9293
9815
|
},
|
|
9816
|
+
"x-f5xc-description-short": "List of predicates for all query parameters that need to be matched.",
|
|
9817
|
+
"x-f5xc-description-medium": "List of predicates for all query parameters that need to be matched. The criteria for matching each query parameter are described in individual instances of QueryParameterMatcherType. The actual query parameter values are extracted from the request API as a list of strings for each query...",
|
|
9294
9818
|
"x-f5xc-required-for": {
|
|
9295
9819
|
"minimum_config": false,
|
|
9296
9820
|
"create": false,
|
|
@@ -9353,6 +9877,7 @@
|
|
|
9353
9877
|
"ves.io.schema.rules.string.max_len": "256",
|
|
9354
9878
|
"ves.io.schema.rules.string.min_len": "1"
|
|
9355
9879
|
},
|
|
9880
|
+
"x-f5xc-description-short": "Exclusive with [any_domain suffix_value] Exact domain name.",
|
|
9356
9881
|
"x-f5xc-required-for": {
|
|
9357
9882
|
"minimum_config": false,
|
|
9358
9883
|
"create": false,
|
|
@@ -9368,6 +9893,8 @@
|
|
|
9368
9893
|
"x-displayname": "Expiration Timestamp.",
|
|
9369
9894
|
"x-ves-example": "2019-12-31:44:34.171543432Z.",
|
|
9370
9895
|
"x-f5xc-example": "2019-12-31:44:34.171543432Z",
|
|
9896
|
+
"x-f5xc-description-short": "Specifies expiration_timestamp the RFC 3339 format timestamp at which the containing rule is considered to be logically expired.",
|
|
9897
|
+
"x-f5xc-description-medium": "Specifies expiration_timestamp the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in the configuration but is not applied anymore.",
|
|
9371
9898
|
"minLength": 0,
|
|
9372
9899
|
"maxLength": 1024,
|
|
9373
9900
|
"x-f5xc-required-for": {
|
|
@@ -9424,6 +9951,8 @@
|
|
|
9424
9951
|
"ves.io.schema.rules.string.http_path": "true",
|
|
9425
9952
|
"ves.io.schema.rules.string.max_len": "256"
|
|
9426
9953
|
},
|
|
9954
|
+
"x-f5xc-description-short": "Exclusive with [any_path path_regex] Path prefix to match (e.g. The value / will match on all paths)",
|
|
9955
|
+
"x-f5xc-description-medium": "Exclusive with [any_path path_regex] Path prefix to match (e.g. The value / will match on all paths).",
|
|
9427
9956
|
"minLength": 0,
|
|
9428
9957
|
"x-f5xc-required-for": {
|
|
9429
9958
|
"minimum_config": false,
|
|
@@ -9448,6 +9977,8 @@
|
|
|
9448
9977
|
"ves.io.schema.rules.string.max_bytes": "256",
|
|
9449
9978
|
"ves.io.schema.rules.string.regex": "true"
|
|
9450
9979
|
},
|
|
9980
|
+
"x-f5xc-description-short": "Exclusive with [any_path path_prefix] Define the regex for the path. For example, the regex ^/.*$ will match on all paths.",
|
|
9981
|
+
"x-f5xc-description-medium": "Exclusive with [any_path path_prefix] Define the regex for the path. For example, the regex ^/.*$ will match on all paths.",
|
|
9451
9982
|
"minLength": 0,
|
|
9452
9983
|
"x-f5xc-required-for": {
|
|
9453
9984
|
"minimum_config": false,
|
|
@@ -9475,6 +10006,8 @@
|
|
|
9475
10006
|
"ves.io.schema.rules.string.max_len": "256",
|
|
9476
10007
|
"ves.io.schema.rules.string.min_len": "1"
|
|
9477
10008
|
},
|
|
10009
|
+
"x-f5xc-description-short": "Exclusive with [any_domain exact_value] Suffix of domain name e.g \"xyz.com\" will match \"*.xyz.com\" and \"xyz.com\".",
|
|
10010
|
+
"x-f5xc-description-medium": "Exclusive with [any_domain exact_value] Suffix of domain name e.g \"xyz.com\" will match \"*.xyz.com\" and \"xyz.com\".",
|
|
9478
10011
|
"x-f5xc-required-for": {
|
|
9479
10012
|
"minimum_config": false,
|
|
9480
10013
|
"create": false,
|
|
@@ -9486,6 +10019,8 @@
|
|
|
9486
10019
|
"$ref": "#/components/schemas/schemaEmpty"
|
|
9487
10020
|
}
|
|
9488
10021
|
},
|
|
10022
|
+
"x-f5xc-description-short": "Simple WAF exclusion rule specifies a simple set of match conditions to be matched to skip a list of WAF detections.",
|
|
10023
|
+
"x-f5xc-description-medium": "Simple WAF exclusion rule specifies a simple set of match conditions to be matched to skip a list of WAF detections.",
|
|
9489
10024
|
"x-f5xc-minimum-configuration": {
|
|
9490
10025
|
"description": "Minimum configuration for policySimpleWafExclusionRule",
|
|
9491
10026
|
"required_fields": [
|
|
@@ -9533,6 +10068,7 @@
|
|
|
9533
10068
|
"ves.io.schema.rules.repeated.max_items": "16",
|
|
9534
10069
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
9535
10070
|
},
|
|
10071
|
+
"x-f5xc-description-short": "List of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.",
|
|
9536
10072
|
"x-f5xc-required-for": {
|
|
9537
10073
|
"minimum_config": false,
|
|
9538
10074
|
"create": false,
|
|
@@ -9561,6 +10097,7 @@
|
|
|
9561
10097
|
"ves.io.schema.rules.repeated.max_items": "16",
|
|
9562
10098
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
9563
10099
|
},
|
|
10100
|
+
"x-f5xc-description-short": "List of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.",
|
|
9564
10101
|
"x-f5xc-required-for": {
|
|
9565
10102
|
"minimum_config": false,
|
|
9566
10103
|
"create": false,
|
|
@@ -9589,6 +10126,8 @@
|
|
|
9589
10126
|
"ves.io.schema.rules.repeated.max_items": "32",
|
|
9590
10127
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
9591
10128
|
},
|
|
10129
|
+
"x-f5xc-description-short": "List of TLS JA3 fingerprints to be excluded when matching the input TLS JA3 fingerprint.",
|
|
10130
|
+
"x-f5xc-description-medium": "List of TLS JA3 fingerprints to be excluded when matching the input TLS JA3 fingerprint. This can be used to skip known false positives when using one or more known TLS fingerprint classes in the enclosing matcher.",
|
|
9592
10131
|
"x-f5xc-required-for": {
|
|
9593
10132
|
"minimum_config": false,
|
|
9594
10133
|
"create": false,
|
|
@@ -9597,6 +10136,8 @@
|
|
|
9597
10136
|
}
|
|
9598
10137
|
}
|
|
9599
10138
|
},
|
|
10139
|
+
"x-f5xc-description-short": "TLS fingerprint matcher specifies multiple criteria for matching a TLS fingerprint.",
|
|
10140
|
+
"x-f5xc-description-medium": "TLS fingerprint matcher specifies multiple criteria for matching a TLS fingerprint. The set of supported positve match criteria includes a list of known classes of TLS fingerprints and a list of exact values. The match is considered successful if either of these positive criteria are satisfied...",
|
|
9600
10141
|
"x-f5xc-minimum-configuration": {
|
|
9601
10142
|
"description": "Minimum configuration for policyTlsFingerprintMatcherType",
|
|
9602
10143
|
"required_fields": [
|
|
@@ -9629,6 +10170,8 @@
|
|
|
9629
10170
|
"default": "TRANSFORMER_NONE",
|
|
9630
10171
|
"x-displayname": "Transformer.",
|
|
9631
10172
|
"x-ves-proto-enum": "ves.io.schema.policy.Transformer",
|
|
10173
|
+
"x-f5xc-description-short": "Transformers to be applied on the part of the request before matching. - TRANSFORMER_NONE: transformer none No transformers enabled - LOWER_CASE...",
|
|
10174
|
+
"x-f5xc-description-medium": "Transformers to be applied on the part of the request before matching. - TRANSFORMER_NONE: transformer none No transformers enabled - LOWER_CASE: lower case Convert string to lower case - UPPER_CASE: upper case Convert string to upper case - BASE64_DECODE: base64 decode Decode string assuming...",
|
|
9632
10175
|
"x-f5xc-minimum-configuration": {
|
|
9633
10176
|
"description": "Minimum configuration for policyTransformer",
|
|
9634
10177
|
"required_fields": [],
|
|
@@ -9651,6 +10194,8 @@
|
|
|
9651
10194
|
"default": "SECOND",
|
|
9652
10195
|
"x-displayname": "Rate Limit Period Unit.",
|
|
9653
10196
|
"x-ves-proto-enum": "ves.io.schema.rate_limiter.RateLimitPeriodUnit",
|
|
10197
|
+
"x-f5xc-description-short": "Unit for the period per which the rate limit is applied. - SECOND: Second Rate limit period unit is seconds - MINUTE: Minute Rate limit period...",
|
|
10198
|
+
"x-f5xc-description-medium": "Unit for the period per which the rate limit is applied. - SECOND: Second Rate limit period unit is seconds - MINUTE: Minute Rate limit period unit is minutes - HOUR: Hour Rate limit period unit is hours - DAY: Day Rate limit period unit is days.",
|
|
9654
10199
|
"x-f5xc-minimum-configuration": {
|
|
9655
10200
|
"description": "Minimum configuration for rate_limiterRateLimitPeriodUnit",
|
|
9656
10201
|
"required_fields": [],
|
|
@@ -9667,6 +10212,7 @@
|
|
|
9667
10212
|
"title": "Empty",
|
|
9668
10213
|
"x-displayname": "Empty",
|
|
9669
10214
|
"x-ves-proto-message": "ves.io.schema.Empty",
|
|
10215
|
+
"x-f5xc-description-short": "Can be used for messages where no values are needed.",
|
|
9670
10216
|
"x-f5xc-minimum-configuration": {
|
|
9671
10217
|
"description": "Minimum configuration for schemaEmpty",
|
|
9672
10218
|
"required_fields": [],
|
|
@@ -9697,6 +10243,7 @@
|
|
|
9697
10243
|
"default": "ANY",
|
|
9698
10244
|
"x-displayname": "HTTP Method.",
|
|
9699
10245
|
"x-ves-proto-enum": "ves.io.schema.HttpMethod",
|
|
10246
|
+
"x-f5xc-description-short": "Specifies the HTTP method used to access a resource. Any HTTP Method.",
|
|
9700
10247
|
"x-f5xc-minimum-configuration": {
|
|
9701
10248
|
"description": "Minimum configuration for schemaHttpMethod",
|
|
9702
10249
|
"required_fields": [],
|
|
@@ -9742,6 +10289,7 @@
|
|
|
9742
10289
|
"ves.io.schema.rules.repeated.items.string.min_len": "1",
|
|
9743
10290
|
"ves.io.schema.rules.repeated.max_items": "1"
|
|
9744
10291
|
},
|
|
10292
|
+
"x-f5xc-description-short": "Expressions contains the Kubernetes style label expression for selections. Required: YES.",
|
|
9745
10293
|
"x-f5xc-required-for": {
|
|
9746
10294
|
"minimum_config": false,
|
|
9747
10295
|
"create": false,
|
|
@@ -9750,6 +10298,8 @@
|
|
|
9750
10298
|
}
|
|
9751
10299
|
}
|
|
9752
10300
|
},
|
|
10301
|
+
"x-f5xc-description-short": "Type can be used to establish a 'selector reference' from one object(called selector) to a set of other objects(called selectees) based on the...",
|
|
10302
|
+
"x-f5xc-description-medium": "Type can be used to establish a 'selector reference' from one object(called selector) to a set of other objects(called selectees) based on the value of expresssions. A label selector is a label query over a set of resources. An empty label selector matches all objects.",
|
|
9753
10303
|
"x-f5xc-minimum-configuration": {
|
|
9754
10304
|
"description": "Minimum configuration for schemaLabelSelectorType",
|
|
9755
10305
|
"required_fields": [
|
|
@@ -9792,7 +10342,7 @@
|
|
|
9792
10342
|
},
|
|
9793
10343
|
"x-original-maxLength": 256,
|
|
9794
10344
|
"x-reconciled-from-discovery": true,
|
|
9795
|
-
"x-reconciled-at": "2026-01-
|
|
10345
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793668+00:00"
|
|
9796
10346
|
},
|
|
9797
10347
|
"name": {
|
|
9798
10348
|
"type": "string",
|
|
@@ -9813,6 +10363,7 @@
|
|
|
9813
10363
|
"ves.io.schema.rules.string.min_len": "1",
|
|
9814
10364
|
"ves.io.schema.rules.string.ves_object_name": "true"
|
|
9815
10365
|
},
|
|
10366
|
+
"x-f5xc-description-short": "Name of the message. The value of name has to follow DNS-1035 format.",
|
|
9816
10367
|
"maxLength": 16,
|
|
9817
10368
|
"x-f5xc-required-for": {
|
|
9818
10369
|
"minimum_config": false,
|
|
@@ -9822,9 +10373,11 @@
|
|
|
9822
10373
|
},
|
|
9823
10374
|
"x-original-maxLength": 1024,
|
|
9824
10375
|
"x-reconciled-from-discovery": true,
|
|
9825
|
-
"x-reconciled-at": "2026-01-
|
|
10376
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793673+00:00"
|
|
9826
10377
|
}
|
|
9827
10378
|
},
|
|
10379
|
+
"x-f5xc-description-short": "MessageMetaType is metadata (common attributes) of a message that only certain messages have.",
|
|
10380
|
+
"x-f5xc-description-medium": "MessageMetaType is metadata (common attributes) of a message that only certain messages have. This information is propagated to the metadata of a child object that gets created from the containing message during view processing. The information in this type can be specified by user during create...",
|
|
9828
10381
|
"x-f5xc-minimum-configuration": {
|
|
9829
10382
|
"description": "Minimum configuration for schemaMessageMetaType",
|
|
9830
10383
|
"required_fields": [
|
|
@@ -9855,6 +10408,8 @@
|
|
|
9855
10408
|
"default": "PROPERTY_QUERY_PARAMETERS",
|
|
9856
10409
|
"x-displayname": "OpenAPI Validation Properties.",
|
|
9857
10410
|
"x-ves-proto-enum": "ves.io.schema.OpenApiValidationProperties",
|
|
10411
|
+
"x-f5xc-description-short": "List of required properties to validate against the OpenAPI spec Validate that all query parameters are according to the OpenAPI specification...",
|
|
10412
|
+
"x-f5xc-description-medium": "List of required properties to validate against the OpenAPI spec Validate that all query parameters are according to the OpenAPI specification Validate that all path parameters are according to the OpenAPI specification Validate that the content type of the request is according to the OpenAPI...",
|
|
9858
10413
|
"x-f5xc-minimum-configuration": {
|
|
9859
10414
|
"description": "Minimum configuration for schemaOpenApiValidationProperties",
|
|
9860
10415
|
"required_fields": [],
|
|
@@ -9876,6 +10431,7 @@
|
|
|
9876
10431
|
"default": "DESCENDING",
|
|
9877
10432
|
"x-displayname": "Sort Order.",
|
|
9878
10433
|
"x-ves-proto-enum": "ves.io.schema.SortOrder",
|
|
10434
|
+
"x-f5xc-description-short": "Sort algorithm Sort in descending order Sort in ascending order.",
|
|
9879
10435
|
"x-f5xc-minimum-configuration": {
|
|
9880
10436
|
"description": "Minimum configuration for schemaSortOrder",
|
|
9881
10437
|
"required_fields": [],
|
|
@@ -9896,6 +10452,8 @@
|
|
|
9896
10452
|
"TREND_SENTIMENT_NEGATIVE"
|
|
9897
10453
|
],
|
|
9898
10454
|
"default": "TREND_SENTIMENT_NONE",
|
|
10455
|
+
"x-f5xc-description-short": "X-displayName: \"Trend Sentiment\" trend sentiment - TREND_SENTIMENT_NONE: x-displayName: \"None\" - TREND_SENTIMENT_POSITIVE: x-displayName...",
|
|
10456
|
+
"x-f5xc-description-medium": "X-displayName: \"Trend Sentiment\" trend sentiment - TREND_SENTIMENT_NONE: x-displayName: \"None\" - TREND_SENTIMENT_POSITIVE: x-displayName: \"Positive\" Indicates trend sentiment is positive - TREND_SENTIMENT_NEGATIVE: x-displayName: \"Negative\" Indicates trend sentiment is negative.",
|
|
9899
10457
|
"x-f5xc-minimum-configuration": {
|
|
9900
10458
|
"description": "Minimum configuration for schemaTrendSentiment",
|
|
9901
10459
|
"required_fields": [],
|
|
@@ -9916,6 +10474,7 @@
|
|
|
9916
10474
|
"description": "X-displayName: \"Description\"\ndescription of the method used to calculate trend.",
|
|
9917
10475
|
"title": "Description.",
|
|
9918
10476
|
"x-f5xc-example": "Trend was calculated by comparing the avg of window size intervals of end-start Time and last window time interval",
|
|
10477
|
+
"x-f5xc-description-short": "X-displayName: \"Description\" description of the method used to calculate trend.",
|
|
9919
10478
|
"minLength": 0,
|
|
9920
10479
|
"maxLength": 0,
|
|
9921
10480
|
"x-f5xc-required-for": {
|
|
@@ -9926,7 +10485,7 @@
|
|
|
9926
10485
|
},
|
|
9927
10486
|
"x-original-maxLength": 1024,
|
|
9928
10487
|
"x-reconciled-from-discovery": true,
|
|
9929
|
-
"x-reconciled-at": "2026-01-
|
|
10488
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793679+00:00"
|
|
9930
10489
|
},
|
|
9931
10490
|
"previous_value": {
|
|
9932
10491
|
"type": "string",
|
|
@@ -9960,9 +10519,11 @@
|
|
|
9960
10519
|
},
|
|
9961
10520
|
"x-original-maxLength": 1024,
|
|
9962
10521
|
"x-reconciled-from-discovery": true,
|
|
9963
|
-
"x-reconciled-at": "2026-01-
|
|
10522
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793686+00:00"
|
|
9964
10523
|
}
|
|
9965
10524
|
},
|
|
10525
|
+
"x-f5xc-description-short": "X-displayName: \"Trend Value\" Trend value contains trend value, trend sentiment and trend calculation description and window size.",
|
|
10526
|
+
"x-f5xc-description-medium": "X-displayName: \"Trend Value\" Trend value contains trend value, trend sentiment and trend calculation description and window size.",
|
|
9966
10527
|
"x-f5xc-minimum-configuration": {
|
|
9967
10528
|
"description": "Minimum configuration for schemaTrendValue",
|
|
9968
10529
|
"required_fields": [
|
|
@@ -9997,6 +10558,8 @@
|
|
|
9997
10558
|
"description": "Trend value computation requested for the field present in aggregation.\n\nX-displayName: \"Trend calculation requested by the user\"\nTrend value computation requested by the user\nOptional: default is false.",
|
|
9998
10559
|
"format": "boolean",
|
|
9999
10560
|
"x-f5xc-example": "true",
|
|
10561
|
+
"x-f5xc-description-short": "Trend value computation requested for the field present in aggregation.",
|
|
10562
|
+
"x-f5xc-description-medium": "Trend value computation requested for the field present in aggregation. X-displayName: \"Trend calculation requested by the user\" Trend value computation requested by the user Optional: default is false.",
|
|
10000
10563
|
"x-f5xc-required-for": {
|
|
10001
10564
|
"minimum_config": false,
|
|
10002
10565
|
"create": false,
|
|
@@ -10011,6 +10574,8 @@
|
|
|
10011
10574
|
"$ref": "#/components/schemas/schemaapp_securityMultiFieldAggregation"
|
|
10012
10575
|
}
|
|
10013
10576
|
},
|
|
10577
|
+
"x-f5xc-description-short": "X-displayName: \"Aggregation Request\" Aggregation request to provide analytics data over the security events.",
|
|
10578
|
+
"x-f5xc-description-medium": "X-displayName: \"Aggregation Request\" Aggregation request to provide analytics data over the security events.",
|
|
10014
10579
|
"x-f5xc-minimum-configuration": {
|
|
10015
10580
|
"description": "Minimum configuration for schemaapp_securityAggregationRequest",
|
|
10016
10581
|
"required_fields": [
|
|
@@ -10037,6 +10602,8 @@
|
|
|
10037
10602
|
"$ref": "#/components/schemas/schemaapp_securityKeyField"
|
|
10038
10603
|
}
|
|
10039
10604
|
},
|
|
10605
|
+
"x-f5xc-description-short": "X-displayName: \"Cardinality Aggregation\" GET approximate count of distinct values for the field in the security event.",
|
|
10606
|
+
"x-f5xc-description-medium": "X-displayName: \"Cardinality Aggregation\" GET approximate count of distinct values for the field in the security event.",
|
|
10040
10607
|
"x-f5xc-minimum-configuration": {
|
|
10041
10608
|
"description": "Minimum configuration for schemaapp_securityCardinalityAggregation",
|
|
10042
10609
|
"required_fields": [
|
|
@@ -10059,6 +10626,8 @@
|
|
|
10059
10626
|
"description": "X-displayName: \"Step\"\nx-required\nstep is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response.\nThe timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.\nFormat: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days.",
|
|
10060
10627
|
"title": "Step",
|
|
10061
10628
|
"x-f5xc-example": "5m",
|
|
10629
|
+
"x-f5xc-description-short": "X-displayName: \"Step\" x-required step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in...",
|
|
10630
|
+
"x-f5xc-description-medium": "X-displayName: \"Step\" x-required step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response. The timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.",
|
|
10062
10631
|
"minLength": 0,
|
|
10063
10632
|
"maxLength": 1024,
|
|
10064
10633
|
"x-f5xc-required-for": {
|
|
@@ -10072,6 +10641,7 @@
|
|
|
10072
10641
|
"type": "object",
|
|
10073
10642
|
"description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each date bucket.",
|
|
10074
10643
|
"title": "Sub aggregation.",
|
|
10644
|
+
"x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each date bucket.",
|
|
10075
10645
|
"x-f5xc-required-for": {
|
|
10076
10646
|
"minimum_config": false,
|
|
10077
10647
|
"create": false,
|
|
@@ -10080,6 +10650,8 @@
|
|
|
10080
10650
|
}
|
|
10081
10651
|
}
|
|
10082
10652
|
},
|
|
10653
|
+
"x-f5xc-description-short": "X-displayName: \"Date Aggregation\" Aggregate security events based on timestamp in the security event.",
|
|
10654
|
+
"x-f5xc-description-medium": "X-displayName: \"Date Aggregation\" Aggregate security events based on timestamp in the security event.",
|
|
10083
10655
|
"x-f5xc-minimum-configuration": {
|
|
10084
10656
|
"description": "Minimum configuration for schemaapp_securityDateAggregation",
|
|
10085
10657
|
"required_fields": [
|
|
@@ -10105,6 +10677,8 @@
|
|
|
10105
10677
|
"$ref": "#/components/schemas/schemaapp_securityMultiFieldAggregation"
|
|
10106
10678
|
}
|
|
10107
10679
|
},
|
|
10680
|
+
"x-f5xc-description-short": "X-displayName: \"Date SubAggregation\" Aggregate security events based on one of the sub aggregation types.",
|
|
10681
|
+
"x-f5xc-description-medium": "X-displayName: \"Date SubAggregation\" Aggregate security events based on one of the sub aggregation types.",
|
|
10108
10682
|
"x-f5xc-minimum-configuration": {
|
|
10109
10683
|
"description": "Minimum configuration for schemaapp_securityDateSubAggregation",
|
|
10110
10684
|
"required_fields": [
|
|
@@ -10133,6 +10707,8 @@
|
|
|
10133
10707
|
"type": "object",
|
|
10134
10708
|
"description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each field aggregation bucket.",
|
|
10135
10709
|
"title": "Sub aggregation.",
|
|
10710
|
+
"x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
|
|
10711
|
+
"x-f5xc-description-medium": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
|
|
10136
10712
|
"x-f5xc-required-for": {
|
|
10137
10713
|
"minimum_config": false,
|
|
10138
10714
|
"create": false,
|
|
@@ -10146,6 +10722,7 @@
|
|
|
10146
10722
|
"title": "Topk",
|
|
10147
10723
|
"format": "int64",
|
|
10148
10724
|
"x-f5xc-example": "10",
|
|
10725
|
+
"x-f5xc-description-short": "X-displayName: \"TopK\" Number of top field values to be returned in the response.",
|
|
10149
10726
|
"minimum": 0,
|
|
10150
10727
|
"maximum": 2147483647,
|
|
10151
10728
|
"x-f5xc-required-for": {
|
|
@@ -10156,6 +10733,8 @@
|
|
|
10156
10733
|
}
|
|
10157
10734
|
}
|
|
10158
10735
|
},
|
|
10736
|
+
"x-f5xc-description-short": "X-displayName: \"Field Aggregation\" Aggregate security events based on the key fields in the security event.",
|
|
10737
|
+
"x-f5xc-description-medium": "X-displayName: \"Field Aggregation\" Aggregate security events based on the key fields in the security event.",
|
|
10159
10738
|
"x-f5xc-minimum-configuration": {
|
|
10160
10739
|
"description": "Minimum configuration for schemaapp_securityFieldAggregation",
|
|
10161
10740
|
"required_fields": [
|
|
@@ -10180,6 +10759,8 @@
|
|
|
10180
10759
|
"$ref": "#/components/schemas/schemaapp_securityCardinalityAggregation"
|
|
10181
10760
|
}
|
|
10182
10761
|
},
|
|
10762
|
+
"x-f5xc-description-short": "X-displayName: \"Field SubAggregation\" Aggregate security events in each field bucket based on one of the sub aggregation types.",
|
|
10763
|
+
"x-f5xc-description-medium": "X-displayName: \"Field SubAggregation\" Aggregate security events in each field bucket based on one of the sub aggregation types.",
|
|
10183
10764
|
"x-f5xc-minimum-configuration": {
|
|
10184
10765
|
"description": "Minimum configuration for schemaapp_securityFieldSubAggregation",
|
|
10185
10766
|
"required_fields": [
|
|
@@ -10260,6 +10841,8 @@
|
|
|
10260
10841
|
"MALWARE_RECOMMENDED_ACTION"
|
|
10261
10842
|
],
|
|
10262
10843
|
"default": "CITY",
|
|
10844
|
+
"x-f5xc-description-short": "X-displayName: \"Key Field\" Security events can be aggregated based on these fields. - CITY: x-displayName: \"City\" - COUNTRY: x-displayName...",
|
|
10845
|
+
"x-f5xc-description-medium": "X-displayName: \"Key Field\" Security events can be aggregated based on these fields. - CITY: x-displayName: \"City\" - COUNTRY: x-displayName: \"Country\" - SEC_EVENT_TYPE: x-displayName: \"Security Event Type\" - SRC_SITE: x-displayName: \"Source Site\" - VH_NAME: x-displayName: \"Virtual Host Name\" ...",
|
|
10263
10846
|
"x-f5xc-minimum-configuration": {
|
|
10264
10847
|
"description": "Minimum configuration for schemaapp_securityKeyField",
|
|
10265
10848
|
"required_fields": [],
|
|
@@ -10278,6 +10861,8 @@
|
|
|
10278
10861
|
"SUSPICION_SCORE"
|
|
10279
10862
|
],
|
|
10280
10863
|
"default": "SUSPICION_SCORE",
|
|
10864
|
+
"x-f5xc-description-short": "X-displayName: \"Metric Field\" Metrics can be computed based on these fields. - SUSPICION_SCORE: x-displayName: \"Suspicion Score\".",
|
|
10865
|
+
"x-f5xc-description-medium": "X-displayName: \"Metric Field\" Metrics can be computed based on these fields. - SUSPICION_SCORE: x-displayName: \"Suspicion Score\".",
|
|
10281
10866
|
"x-f5xc-minimum-configuration": {
|
|
10282
10867
|
"description": "Minimum configuration for schemaapp_securityMetricField",
|
|
10283
10868
|
"required_fields": [],
|
|
@@ -10297,6 +10882,8 @@
|
|
|
10297
10882
|
"$ref": "#/components/schemas/schemaapp_securityPercentileAggregation"
|
|
10298
10883
|
}
|
|
10299
10884
|
},
|
|
10885
|
+
"x-f5xc-description-short": "X-displayName: \"Metrics Aggregation\" Computes metrics based on values for the field in the security event.",
|
|
10886
|
+
"x-f5xc-description-medium": "X-displayName: \"Metrics Aggregation\" Computes metrics based on values for the field in the security event.",
|
|
10300
10887
|
"x-f5xc-minimum-configuration": {
|
|
10301
10888
|
"description": "Minimum configuration for schemaapp_securityMetricsAggregation",
|
|
10302
10889
|
"required_fields": [
|
|
@@ -10324,6 +10911,8 @@
|
|
|
10324
10911
|
"type": "object",
|
|
10325
10912
|
"description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each field aggregation bucket.",
|
|
10326
10913
|
"title": "Sub aggregation.",
|
|
10914
|
+
"x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
|
|
10915
|
+
"x-f5xc-description-medium": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
|
|
10327
10916
|
"x-f5xc-required-for": {
|
|
10328
10917
|
"minimum_config": false,
|
|
10329
10918
|
"create": false,
|
|
@@ -10337,6 +10926,7 @@
|
|
|
10337
10926
|
"title": "Topk",
|
|
10338
10927
|
"format": "int64",
|
|
10339
10928
|
"x-f5xc-example": "10",
|
|
10929
|
+
"x-f5xc-description-short": "X-displayName: \"TopK\" Number of top field values to be returned in the response.",
|
|
10340
10930
|
"minimum": 0,
|
|
10341
10931
|
"maximum": 2147483647,
|
|
10342
10932
|
"x-f5xc-required-for": {
|
|
@@ -10347,6 +10937,8 @@
|
|
|
10347
10937
|
}
|
|
10348
10938
|
}
|
|
10349
10939
|
},
|
|
10940
|
+
"x-f5xc-description-short": "X-displayName: \"Multi-Field Aggregation\" Aggregate security events based on the multiple fields in the security event.",
|
|
10941
|
+
"x-f5xc-description-medium": "X-displayName: \"Multi-Field Aggregation\" Aggregate security events based on the multiple fields in the security event.",
|
|
10350
10942
|
"x-f5xc-minimum-configuration": {
|
|
10351
10943
|
"description": "Minimum configuration for schemaapp_securityMultiFieldAggregation",
|
|
10352
10944
|
"required_fields": [
|
|
@@ -10371,6 +10963,8 @@
|
|
|
10371
10963
|
"$ref": "#/components/schemas/schemaapp_securityCardinalityAggregation"
|
|
10372
10964
|
}
|
|
10373
10965
|
},
|
|
10966
|
+
"x-f5xc-description-short": "X-displayName: \"Multi Field SubAggregation\" Aggregate security events in each MultiTerms bucket based on one of the sub aggregation types.",
|
|
10967
|
+
"x-f5xc-description-medium": "X-displayName: \"Multi Field SubAggregation\" Aggregate security events in each MultiTerms bucket based on one of the sub aggregation types.",
|
|
10374
10968
|
"x-f5xc-minimum-configuration": {
|
|
10375
10969
|
"description": "Minimum configuration for schemaapp_securityMultiFieldSubAggregation",
|
|
10376
10970
|
"required_fields": [
|
|
@@ -10404,6 +10998,8 @@
|
|
|
10404
10998
|
"JA4_TLS_FINGERPRINT_COUNTRY"
|
|
10405
10999
|
],
|
|
10406
11000
|
"default": "ASN_COUNTRY",
|
|
11001
|
+
"x-f5xc-description-short": "X-displayName: \"Multi-Key Field\" Security events can be aggregated based on these multiple key fields - ASN_COUNTRY: x-displayName: \"ASN, Country\"...",
|
|
11002
|
+
"x-f5xc-description-medium": "X-displayName: \"Multi-Key Field\" Security events can be aggregated based on these multiple key fields - ASN_COUNTRY: x-displayName: \"ASN, Country\" Aggregated by (keyfield.asn, keyfield.country) - DOMAIN_METHOD_API_EP: x-displayName: \"Domain, Method, API Endpoint\" Aggregated by (keyfield.domain...",
|
|
10407
11003
|
"x-f5xc-minimum-configuration": {
|
|
10408
11004
|
"description": "Minimum configuration for schemaapp_securityMultiKeyField",
|
|
10409
11005
|
"required_fields": [],
|
|
@@ -10428,6 +11024,7 @@
|
|
|
10428
11024
|
"title": "Percent",
|
|
10429
11025
|
"format": "double",
|
|
10430
11026
|
"x-f5xc-example": "[99.0]",
|
|
11027
|
+
"x-f5xc-description-short": "X-displayName: \"Percent\" x-required Percentile for which value is calculated.",
|
|
10431
11028
|
"x-f5xc-required-for": {
|
|
10432
11029
|
"minimum_config": false,
|
|
10433
11030
|
"create": false,
|
|
@@ -10436,6 +11033,7 @@
|
|
|
10436
11033
|
}
|
|
10437
11034
|
}
|
|
10438
11035
|
},
|
|
11036
|
+
"x-f5xc-description-short": "X-displayName: \"Percentile Aggregation\" Calculates percentile over numeric values for a field.",
|
|
10439
11037
|
"x-f5xc-minimum-configuration": {
|
|
10440
11038
|
"description": "Minimum configuration for schemaapp_securityPercentileAggregation",
|
|
10441
11039
|
"required_fields": [
|
|
@@ -10499,6 +11097,7 @@
|
|
|
10499
11097
|
"ves.io.schema.rules.string.http_header_field": "true",
|
|
10500
11098
|
"ves.io.schema.rules.string.max_bytes": "256"
|
|
10501
11099
|
},
|
|
11100
|
+
"x-f5xc-description-short": "Case-insensitive HTTP header name. Required: YES.",
|
|
10502
11101
|
"minLength": 0,
|
|
10503
11102
|
"x-f5xc-required-for": {
|
|
10504
11103
|
"minimum_config": false,
|
|
@@ -10508,9 +11107,11 @@
|
|
|
10508
11107
|
},
|
|
10509
11108
|
"x-original-maxLength": 256,
|
|
10510
11109
|
"x-reconciled-from-discovery": true,
|
|
10511
|
-
"x-reconciled-at": "2026-01-
|
|
11110
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793730+00:00"
|
|
10512
11111
|
}
|
|
10513
11112
|
},
|
|
11113
|
+
"x-f5xc-description-short": "Header matcher specifies the name of a single HTTP header and the criteria for the input request to match it.",
|
|
11114
|
+
"x-f5xc-description-medium": "Header matcher specifies the name of a single HTTP header and the criteria for the input request to match it. The input has a list of actual values for each header name in the original HTTP request. A header matcher can check for one of the following: * Presence or absence of the header in the...",
|
|
10514
11115
|
"x-f5xc-minimum-configuration": {
|
|
10515
11116
|
"description": "Minimum configuration for schemapolicyHeaderMatcherType",
|
|
10516
11117
|
"required_fields": [
|
|
@@ -10554,6 +11155,9 @@
|
|
|
10554
11155
|
"ves.io.schema.rules.repeated.max_items": "32",
|
|
10555
11156
|
"ves.io.schema.rules.repeated.unique": "true"
|
|
10556
11157
|
},
|
|
11158
|
+
"x-f5xc-example": "{\"key\": \"value\"}",
|
|
11159
|
+
"x-f5xc-description-short": "The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions Required: YES.",
|
|
11160
|
+
"x-f5xc-description-medium": "The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions Required: YES.",
|
|
10557
11161
|
"x-f5xc-required-for": {
|
|
10558
11162
|
"minimum_config": false,
|
|
10559
11163
|
"create": false,
|
|
@@ -10622,6 +11226,7 @@
|
|
|
10622
11226
|
"ves.io.schema.rules.message.required": "true",
|
|
10623
11227
|
"ves.io.schema.rules.string.max_bytes": "256"
|
|
10624
11228
|
},
|
|
11229
|
+
"x-f5xc-description-short": "Case-sensitive HTTP query parameter name. Required: YES.",
|
|
10625
11230
|
"minLength": 0,
|
|
10626
11231
|
"x-f5xc-required-for": {
|
|
10627
11232
|
"minimum_config": false,
|
|
@@ -10631,9 +11236,11 @@
|
|
|
10631
11236
|
},
|
|
10632
11237
|
"x-original-maxLength": 256,
|
|
10633
11238
|
"x-reconciled-from-discovery": true,
|
|
10634
|
-
"x-reconciled-at": "2026-01-
|
|
11239
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793742+00:00"
|
|
10635
11240
|
}
|
|
10636
11241
|
},
|
|
11242
|
+
"x-f5xc-description-short": "Query parameter matcher specifies the name of a single query parameter and the criteria for the input request to match it.",
|
|
11243
|
+
"x-f5xc-description-medium": "Query parameter matcher specifies the name of a single query parameter and the criteria for the input request to match it. The input has a list of actual values for each query parameter name in the original HTTP request. A query parameter matcher can check for one of the following: * Presence or...",
|
|
10637
11244
|
"x-f5xc-minimum-configuration": {
|
|
10638
11245
|
"description": "Minimum configuration for schemapolicyQueryParameterMatcherType",
|
|
10639
11246
|
"required_fields": [
|
|
@@ -10677,6 +11284,8 @@
|
|
|
10677
11284
|
"ves.io.schema.rules.string.max_bytes": "128",
|
|
10678
11285
|
"ves.io.schema.rules.string.min_bytes": "1"
|
|
10679
11286
|
},
|
|
11287
|
+
"x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g.",
|
|
11288
|
+
"x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. Route's) name. Required: YES.",
|
|
10680
11289
|
"x-f5xc-required-for": {
|
|
10681
11290
|
"minimum_config": false,
|
|
10682
11291
|
"create": false,
|
|
@@ -10685,7 +11294,7 @@
|
|
|
10685
11294
|
},
|
|
10686
11295
|
"x-original-maxLength": 128,
|
|
10687
11296
|
"x-reconciled-from-discovery": true,
|
|
10688
|
-
"x-reconciled-at": "2026-01-
|
|
11297
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793748+00:00"
|
|
10689
11298
|
},
|
|
10690
11299
|
"namespace": {
|
|
10691
11300
|
"type": "string",
|
|
@@ -10701,6 +11310,8 @@
|
|
|
10701
11310
|
"x-validation-rules": {
|
|
10702
11311
|
"ves.io.schema.rules.string.max_bytes": "64"
|
|
10703
11312
|
},
|
|
11313
|
+
"x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g.",
|
|
11314
|
+
"x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. Route's) namespace.",
|
|
10704
11315
|
"minLength": 0,
|
|
10705
11316
|
"x-f5xc-required-for": {
|
|
10706
11317
|
"minimum_config": false,
|
|
@@ -10710,7 +11321,7 @@
|
|
|
10710
11321
|
},
|
|
10711
11322
|
"x-original-maxLength": 64,
|
|
10712
11323
|
"x-reconciled-from-discovery": true,
|
|
10713
|
-
"x-reconciled-at": "2026-01-
|
|
11324
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793752+00:00"
|
|
10714
11325
|
},
|
|
10715
11326
|
"tenant": {
|
|
10716
11327
|
"type": "string",
|
|
@@ -10726,6 +11337,8 @@
|
|
|
10726
11337
|
"x-validation-rules": {
|
|
10727
11338
|
"ves.io.schema.rules.string.max_bytes": "64"
|
|
10728
11339
|
},
|
|
11340
|
+
"x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g.",
|
|
11341
|
+
"x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. Route's) tenant.",
|
|
10729
11342
|
"minLength": 0,
|
|
10730
11343
|
"x-f5xc-required-for": {
|
|
10731
11344
|
"minimum_config": false,
|
|
@@ -10737,9 +11350,11 @@
|
|
|
10737
11350
|
"x-field-mutability": "read-only",
|
|
10738
11351
|
"x-original-maxLength": 64,
|
|
10739
11352
|
"x-reconciled-from-discovery": true,
|
|
10740
|
-
"x-reconciled-at": "2026-01-
|
|
11353
|
+
"x-reconciled-at": "2026-01-07T15:27:53.793756+00:00"
|
|
10741
11354
|
}
|
|
10742
11355
|
},
|
|
11356
|
+
"x-f5xc-description-short": "Type establishes a direct reference from one object(the referrer) to another(the referred).",
|
|
11357
|
+
"x-f5xc-description-medium": "Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.",
|
|
10743
11358
|
"x-f5xc-minimum-configuration": {
|
|
10744
11359
|
"description": "Minimum configuration for schemaviewsObjectRefType",
|
|
10745
11360
|
"required_fields": [
|
|
@@ -10763,6 +11378,8 @@
|
|
|
10763
11378
|
"$ref": "#/components/schemas/suspicious_user_logNumKeyField"
|
|
10764
11379
|
}
|
|
10765
11380
|
},
|
|
11381
|
+
"x-f5xc-description-short": "X-displayName: \"Avg aggregation\" GET the average value of the numeric values extracted from the field in the suspicious user log.",
|
|
11382
|
+
"x-f5xc-description-medium": "X-displayName: \"Avg aggregation\" GET the average value of the numeric values extracted from the field in the suspicious user log.",
|
|
10766
11383
|
"x-f5xc-minimum-configuration": {
|
|
10767
11384
|
"description": "Minimum configuration for suspicious_user_logAvgAggregation",
|
|
10768
11385
|
"required_fields": [
|
|
@@ -10784,6 +11401,8 @@
|
|
|
10784
11401
|
"$ref": "#/components/schemas/suspicious_user_logNumKeyField"
|
|
10785
11402
|
}
|
|
10786
11403
|
},
|
|
11404
|
+
"x-f5xc-description-short": "X-displayName: \"Max aggregation\" GET the maximum value among the numeric values extracted from the field in the suspicious user log.",
|
|
11405
|
+
"x-f5xc-description-medium": "X-displayName: \"Max aggregation\" GET the maximum value among the numeric values extracted from the field in the suspicious user log.",
|
|
10787
11406
|
"x-f5xc-minimum-configuration": {
|
|
10788
11407
|
"description": "Minimum configuration for suspicious_user_logMaxAggregation",
|
|
10789
11408
|
"required_fields": [
|
|
@@ -10805,6 +11424,8 @@
|
|
|
10805
11424
|
"$ref": "#/components/schemas/suspicious_user_logNumKeyField"
|
|
10806
11425
|
}
|
|
10807
11426
|
},
|
|
11427
|
+
"x-f5xc-description-short": "X-displayName: \"Min aggregation\" GET the minimum value among the numeric values extracted from the field in the suspicious user log.",
|
|
11428
|
+
"x-f5xc-description-medium": "X-displayName: \"Min aggregation\" GET the minimum value among the numeric values extracted from the field in the suspicious user log.",
|
|
10808
11429
|
"x-f5xc-minimum-configuration": {
|
|
10809
11430
|
"description": "Minimum configuration for suspicious_user_logMinAggregation",
|
|
10810
11431
|
"required_fields": [
|
|
@@ -10839,6 +11460,8 @@
|
|
|
10839
11460
|
"WAF_SUSPICION_SCORE"
|
|
10840
11461
|
],
|
|
10841
11462
|
"default": "SUSPICION_SCORE",
|
|
11463
|
+
"x-f5xc-description-short": "X-displayName: \"Num-Key Field\" suspicious user log can be aggregated based on these numeric fields. - SUSPICION_SCORE: x-displayName: \"SUSPICION...",
|
|
11464
|
+
"x-f5xc-description-medium": "X-displayName: \"Num-Key Field\" suspicious user log can be aggregated based on these numeric fields. - SUSPICION_SCORE: x-displayName: \"SUSPICION SCORE\" - BEHAVIOR_ANOMALY_SCORE: x-displayName: \"BEHAVIOR ANOMALY SCORE\" - BOT_DEFENSE_SEC_EVENT_COUNT: x-displayName: \"BOT DEFENSE SEC EVENT COUNT\" ...",
|
|
10842
11465
|
"x-f5xc-minimum-configuration": {
|
|
10843
11466
|
"description": "Minimum configuration for suspicious_user_logNumKeyField",
|
|
10844
11467
|
"required_fields": [],
|