@robinmordasiewicz/f5xc-api-mcp 2.0.13-2601051957 → 2.0.19-2601071557

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/dist/tools/generated/ce_management/index.d.ts.map +1 -1
  2. package/dist/tools/generated/ce_management/index.js +179 -1582
  3. package/dist/tools/generated/ce_management/index.js.map +1 -1
  4. package/dist/tools/generated/dependency-graph.json +2 -265
  5. package/dist/version.d.ts +2 -2
  6. package/dist/version.js +2 -2
  7. package/manifest.json +1 -1
  8. package/package.json +1 -1
  9. package/specs/domains/admin_console_and_ui.json +111 -25
  10. package/specs/domains/ai_services.json +114 -35
  11. package/specs/domains/api.json +1082 -177
  12. package/specs/domains/authentication.json +205 -45
  13. package/specs/domains/bigip.json +593 -101
  14. package/specs/domains/billing_and_usage.json +440 -82
  15. package/specs/domains/blindfold.json +713 -110
  16. package/specs/domains/bot_and_threat_defense.json +359 -65
  17. package/specs/domains/cdn.json +2131 -194
  18. package/specs/domains/ce_management.json +9110 -15844
  19. package/specs/domains/certificates.json +362 -75
  20. package/specs/domains/cloud_infrastructure.json +802 -119
  21. package/specs/domains/container_services.json +613 -95
  22. package/specs/domains/data_and_privacy_security.json +364 -66
  23. package/specs/domains/data_intelligence.json +324 -63
  24. package/specs/domains/ddos.json +766 -159
  25. package/specs/domains/dns.json +820 -161
  26. package/specs/domains/managed_kubernetes.json +455 -85
  27. package/specs/domains/marketplace.json +670 -104
  28. package/specs/domains/network.json +1620 -238
  29. package/specs/domains/network_security.json +1401 -191
  30. package/specs/domains/nginx_one.json +326 -62
  31. package/specs/domains/object_storage.json +49 -15
  32. package/specs/domains/observability.json +999 -147
  33. package/specs/domains/rate_limiting.json +300 -55
  34. package/specs/domains/secops_and_incident_response.json +189 -36
  35. package/specs/domains/service_mesh.json +955 -124
  36. package/specs/domains/shape.json +2150 -397
  37. package/specs/domains/sites.json +3830 -364
  38. package/specs/domains/statistics.json +2117 -235
  39. package/specs/domains/support.json +602 -108
  40. package/specs/domains/telemetry_and_insights.json +753 -79
  41. package/specs/domains/tenant_and_identity.json +1874 -308
  42. package/specs/domains/threat_campaign.json +637 -71
  43. package/specs/domains/users.json +278 -66
  44. package/specs/domains/virtual.json +2803 -260
  45. package/specs/domains/vpm_and_node_management.json +3 -1
  46. package/specs/domains/waf.json +1125 -148
  47. package/specs/index.json +24 -24
package/specs/domains/threat_campaign.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "info": {
4
4
  "title": "Threat Campaign",
5
5
  "description": "F5 Distributed Cloud Threat Campaign API specifications",
6
- "version": "2.0.13",
6
+ "version": "2.0.19",
7
7
  "contact": {
8
8
  "name": "F5 Distributed Cloud",
9
9
  "url": "https://docs.cloud.f5.com"
@@ -374,6 +374,8 @@
374
374
  "default": "VIOL_NONE",
375
375
  "x-displayname": "App Firewall Violation Type.",
376
376
  "x-ves-proto-enum": "ves.io.schema.app_firewall.AppFirewallViolationType",
377
+ "x-f5xc-description-short": "List of all supported Violation Types VIOL_NONE VIOL_FILETYPE VIOL_METHOD VIOL_MANDATORY_HEADER VIOL_HTTP_RESPONSE_STATUS VIOL_REQUEST_MAX_LENGTH...",
378
+ "x-f5xc-description-medium": "List of all supported Violation Types VIOL_NONE VIOL_FILETYPE VIOL_METHOD VIOL_MANDATORY_HEADER VIOL_HTTP_RESPONSE_STATUS VIOL_REQUEST_MAX_LENGTH VIOL_FILE_UPLOAD VIOL_FILE_UPLOAD_IN_BODY VIOL_XML_MALFORMED VIOL_JSON_MALFORMED VIOL_ASM_COOKIE_MODIFIED VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS...",
377
379
  "x-f5xc-minimum-configuration": {
378
380
  "description": "Web Application Firewall (WAF) policy for protecting HTTP applications",
379
381
  "required_fields": [
@@ -424,6 +426,8 @@
424
426
  "default": "ATTACK_TYPE_NONE",
425
427
  "x-displayname": "Attack Types.",
426
428
  "x-ves-proto-enum": "ves.io.schema.app_firewall.AttackType",
429
+ "x-f5xc-description-short": "List of all Attack Types ATTACK_TYPE_NONE ATTACK_TYPE_NON_BROWSER_CLIENT ATTACK_TYPE_OTHER_APPLICATION_ATTACKS ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE...",
430
+ "x-f5xc-description-medium": "List of all Attack Types ATTACK_TYPE_NONE ATTACK_TYPE_NON_BROWSER_CLIENT ATTACK_TYPE_OTHER_APPLICATION_ATTACKS ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE ATTACK_TYPE_DETECTION_EVASION ATTACK_TYPE_VULNERABILITY_SCAN ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS...",
427
431
  "x-f5xc-minimum-configuration": {
428
432
  "description": "Web Application Firewall (WAF) policy for protecting HTTP applications",
429
433
  "required_fields": [
@@ -459,6 +463,7 @@
459
463
  "x-validation-rules": {
460
464
  "ves.io.schema.rules.string.max_len": "256"
461
465
  },
466
+ "x-f5xc-description-short": "Collapsed URL is the path with identified DYN components.",
462
467
  "minLength": 0,
463
468
  "x-f5xc-required-for": {
464
469
  "minimum_config": false,
@@ -483,6 +488,7 @@
483
488
  }
484
489
  }
485
490
  },
491
+ "x-f5xc-description-short": "API Endpoint indentified by collapsed_url and method.",
486
492
  "x-f5xc-minimum-configuration": {
487
493
  "description": "Minimum configuration for app_securityApiEndpoint",
488
494
  "required_fields": [
@@ -513,6 +519,7 @@
513
519
  "x-displayname": "HTTP Load Balancer Name.",
514
520
  "x-ves-example": "VES-I/O-frontend.",
515
521
  "x-f5xc-example": "ves-io-frontend",
522
+ "x-f5xc-description-short": "HTTP load balancer for which this API endpoint protection rule applied.",
516
523
  "minLength": 0,
517
524
  "maxLength": 16,
518
525
  "x-f5xc-required-for": {
@@ -523,7 +530,7 @@
523
530
  },
524
531
  "x-original-maxLength": 1024,
525
532
  "x-reconciled-from-discovery": true,
526
- "x-reconciled-at": "2026-01-05T18:28:44.310309+00:00"
533
+ "x-reconciled-at": "2026-01-07T15:27:53.792831+00:00"
527
534
  },
528
535
  "namespace": {
529
536
  "type": "string",
@@ -532,6 +539,7 @@
532
539
  "x-displayname": "Namespace",
533
540
  "x-ves-example": "Shared",
534
541
  "x-f5xc-example": "shared",
542
+ "x-f5xc-description-short": "Namespace of the App type for current request.",
535
543
  "minLength": 0,
536
544
  "maxLength": 6,
537
545
  "x-f5xc-required-for": {
@@ -542,7 +550,7 @@
542
550
  },
543
551
  "x-original-maxLength": 1024,
544
552
  "x-reconciled-from-discovery": true,
545
- "x-reconciled-at": "2026-01-05T18:28:44.310316+00:00"
553
+ "x-reconciled-at": "2026-01-07T15:27:53.792838+00:00"
546
554
  },
547
555
  "path": {
548
556
  "type": "string",
@@ -563,6 +571,7 @@
563
571
  "ves.io.schema.rules.string.max_len": "1024",
564
572
  "ves.io.schema.rules.string.templated_http_path": "true"
565
573
  },
574
+ "x-f5xc-description-short": "Path to apply the API endpoint protection to Required: YES.",
566
575
  "minLength": 0,
567
576
  "x-f5xc-required-for": {
568
577
  "minimum_config": false,
@@ -572,6 +581,7 @@
572
581
  }
573
582
  }
574
583
  },
584
+ "x-f5xc-description-short": "GET suggested API endpoint protection rule for a given path.",
575
585
  "x-f5xc-minimum-configuration": {
576
586
  "description": "Minimum configuration for app_securityGetSuggestedAPIEndpointProtectionRuleReq",
577
587
  "required_fields": [
@@ -601,6 +611,7 @@
601
611
  "$ref": "#/components/schemas/common_wafAPIEndpointProtectionRule"
602
612
  }
603
613
  },
614
+ "x-f5xc-description-short": "GET suggested API endpoint protection rule for a given path.",
604
615
  "x-f5xc-minimum-configuration": {
605
616
  "description": "Minimum configuration for app_securityGetSuggestedAPIEndpointProtectionRuleRsp",
606
617
  "required_fields": [
@@ -662,6 +673,7 @@
662
673
  "ves.io.schema.rules.uint32.gte": "0",
663
674
  "ves.io.schema.rules.uint32.lte": "401308"
664
675
  },
676
+ "x-f5xc-description-short": "RFC 6793 defined 4-byte AS number Required: YES.",
665
677
  "minimum": 0,
666
678
  "maximum": 2147483647,
667
679
  "x-f5xc-required-for": {
@@ -703,6 +715,7 @@
703
715
  "x-displayname": "HTTP Load Balancer Name.",
704
716
  "x-ves-example": "VES-I/O-frontend.",
705
717
  "x-f5xc-example": "ves-io-frontend",
718
+ "x-f5xc-description-short": "HTTP load balancer for which this WAF exclusion will be applied.",
706
719
  "minLength": 0,
707
720
  "maxLength": 16,
708
721
  "x-f5xc-required-for": {
@@ -713,7 +726,7 @@
713
726
  },
714
727
  "x-original-maxLength": 1024,
715
728
  "x-reconciled-from-discovery": true,
716
- "x-reconciled-at": "2026-01-05T18:28:44.310332+00:00"
729
+ "x-reconciled-at": "2026-01-07T15:27:53.792853+00:00"
717
730
  },
718
731
  "namespace": {
719
732
  "type": "string",
@@ -722,6 +735,7 @@
722
735
  "x-displayname": "Namespace",
723
736
  "x-ves-example": "Shared",
724
737
  "x-f5xc-example": "shared",
738
+ "x-f5xc-description-short": "Namespace of the App type for current request.",
725
739
  "minLength": 0,
726
740
  "maxLength": 6,
727
741
  "x-f5xc-required-for": {
@@ -732,7 +746,7 @@
732
746
  },
733
747
  "x-original-maxLength": 1024,
734
748
  "x-reconciled-from-discovery": true,
735
- "x-reconciled-at": "2026-01-05T18:28:44.310337+00:00"
749
+ "x-reconciled-at": "2026-01-07T15:27:53.792857+00:00"
736
750
  },
737
751
  "user_id": {
738
752
  "type": "string",
@@ -758,6 +772,7 @@
758
772
  "x-field-mutability": "read-only"
759
773
  }
760
774
  },
775
+ "x-f5xc-description-short": "GET suggested blocking SimpleClientSrcRule for a given IP/ASN.",
761
776
  "x-f5xc-minimum-configuration": {
762
777
  "description": "Minimum configuration for app_securityGetSuggestedBlockClientRuleReq",
763
778
  "required_fields": [
@@ -792,6 +807,7 @@
792
807
  "x-displayname": "HTTP Load Balancer Name.",
793
808
  "x-ves-example": "VES-I/O-frontend.",
794
809
  "x-f5xc-example": "ves-io-frontend",
810
+ "x-f5xc-description-short": "HTTP load balancer for which this WAF exclusion will be applied.",
795
811
  "minLength": 0,
796
812
  "maxLength": 16,
797
813
  "x-f5xc-required-for": {
@@ -802,12 +818,13 @@
802
818
  },
803
819
  "x-original-maxLength": 1024,
804
820
  "x-reconciled-from-discovery": true,
805
- "x-reconciled-at": "2026-01-05T18:28:44.310345+00:00"
821
+ "x-reconciled-at": "2026-01-07T15:27:53.792865+00:00"
806
822
  },
807
823
  "rule": {
808
824
  "$ref": "#/components/schemas/common_wafSimpleClientSrcRule"
809
825
  }
810
826
  },
827
+ "x-f5xc-description-short": "GET suggested blocking SimpleClientSrcRule for a given IP/ASN.",
811
828
  "x-f5xc-minimum-configuration": {
812
829
  "description": "Minimum configuration for app_securityGetSuggestedBlockClientRuleRsp",
813
830
  "required_fields": [
@@ -849,6 +866,7 @@
849
866
  "ves.io.schema.rules.repeated.max_items": "64",
850
867
  "ves.io.schema.rules.repeated.unique": "true"
851
868
  },
869
+ "x-f5xc-description-short": "Sources that are located in one of the countries in the given list.",
852
870
  "x-f5xc-required-for": {
853
871
  "minimum_config": false,
854
872
  "create": false,
@@ -869,6 +887,7 @@
869
887
  "x-displayname": "Load Balancer Name.",
870
888
  "x-ves-example": "VES-I/O-frontend.",
871
889
  "x-f5xc-example": "ves-io-frontend",
890
+ "x-f5xc-description-short": "Load balancer for which this WAF exclusion will be applied.",
872
891
  "minLength": 0,
873
892
  "maxLength": 16,
874
893
  "x-f5xc-required-for": {
@@ -879,7 +898,7 @@
879
898
  },
880
899
  "x-original-maxLength": 1024,
881
900
  "x-reconciled-from-discovery": true,
882
- "x-reconciled-at": "2026-01-05T18:28:44.310357+00:00"
901
+ "x-reconciled-at": "2026-01-07T15:27:53.792876+00:00"
883
902
  },
884
903
  "namespace": {
885
904
  "type": "string",
@@ -888,6 +907,7 @@
888
907
  "x-displayname": "Namespace",
889
908
  "x-ves-example": "Shared",
890
909
  "x-f5xc-example": "shared",
910
+ "x-f5xc-description-short": "Namespace of the App type for current request.",
891
911
  "minLength": 0,
892
912
  "maxLength": 6,
893
913
  "x-f5xc-required-for": {
@@ -898,12 +918,13 @@
898
918
  },
899
919
  "x-original-maxLength": 1024,
900
920
  "x-reconciled-from-discovery": true,
901
- "x-reconciled-at": "2026-01-05T18:28:44.310361+00:00"
921
+ "x-reconciled-at": "2026-01-07T15:27:53.792880+00:00"
902
922
  },
903
923
  "tls_fingerprint_matcher": {
904
924
  "$ref": "#/components/schemas/policyTlsFingerprintMatcherType"
905
925
  }
906
926
  },
927
+ "x-f5xc-description-short": "GET suggested blocking DDoSMitigtionRule for a given IP/ASN/Country/TLS.",
907
928
  "x-f5xc-minimum-configuration": {
908
929
  "description": "Minimum configuration for app_securityGetSuggestedDDoSMitigtionRuleReq",
909
930
  "required_fields": [
@@ -942,6 +963,7 @@
942
963
  "x-displayname": "DDoS Mitigation Rule Name.",
943
964
  "x-ves-example": "VES-I/O-DDoS-mitigation-rule.",
944
965
  "x-f5xc-example": "ves-io-ddos-mitigation-rule",
966
+ "x-f5xc-description-short": "HTTP load balancer for which this DDoS Mitigation Rule will be applied.",
945
967
  "minLength": 0,
946
968
  "maxLength": 1024,
947
969
  "x-f5xc-required-for": {
@@ -952,6 +974,7 @@
952
974
  }
953
975
  }
954
976
  },
977
+ "x-f5xc-description-short": "GET suggested DDoS Mitigtion Rule for a given IP/ASN/Country/TLS.",
955
978
  "x-f5xc-minimum-configuration": {
956
979
  "description": "Minimum configuration for app_securityGetSuggestedDDoSMitigtionRuleRsp",
957
980
  "required_fields": [
@@ -982,6 +1005,7 @@
982
1005
  },
983
1006
  "x-displayname": "API Groups membership.",
984
1007
  "x-f5xc-example": "[\"group-1\", \"group-2\"]",
1008
+ "x-f5xc-description-short": "List of API Groups the API Endpoint is a member of.",
985
1009
  "x-f5xc-required-for": {
986
1010
  "minimum_config": false,
987
1011
  "create": false,
@@ -999,6 +1023,7 @@
999
1023
  "x-displayname": "HTTP Load Balancer Name.",
1000
1024
  "x-ves-example": "VES-I/O-frontend.",
1001
1025
  "x-f5xc-example": "ves-io-frontend",
1026
+ "x-f5xc-description-short": "HTTP load balancer for which this Open API specification validation rule applied.",
1002
1027
  "minLength": 0,
1003
1028
  "maxLength": 16,
1004
1029
  "x-f5xc-required-for": {
@@ -1009,7 +1034,7 @@
1009
1034
  },
1010
1035
  "x-original-maxLength": 1024,
1011
1036
  "x-reconciled-from-discovery": true,
1012
- "x-reconciled-at": "2026-01-05T18:28:44.310374+00:00"
1037
+ "x-reconciled-at": "2026-01-07T15:27:53.792892+00:00"
1013
1038
  },
1014
1039
  "namespace": {
1015
1040
  "type": "string",
@@ -1018,6 +1043,7 @@
1018
1043
  "x-displayname": "Namespace",
1019
1044
  "x-ves-example": "Shared",
1020
1045
  "x-f5xc-example": "shared",
1046
+ "x-f5xc-description-short": "Namespace of the App type for current request.",
1021
1047
  "minLength": 0,
1022
1048
  "maxLength": 6,
1023
1049
  "x-f5xc-required-for": {
@@ -1028,7 +1054,7 @@
1028
1054
  },
1029
1055
  "x-original-maxLength": 1024,
1030
1056
  "x-reconciled-from-discovery": true,
1031
- "x-reconciled-at": "2026-01-05T18:28:44.310378+00:00"
1057
+ "x-reconciled-at": "2026-01-07T15:27:53.792896+00:00"
1032
1058
  },
1033
1059
  "path": {
1034
1060
  "type": "string",
@@ -1049,6 +1075,7 @@
1049
1075
  "ves.io.schema.rules.string.max_len": "1024",
1050
1076
  "ves.io.schema.rules.string.templated_http_path": "true"
1051
1077
  },
1078
+ "x-f5xc-description-short": "Path to apply the Open API specification validation to Required: YES.",
1052
1079
  "minLength": 0,
1053
1080
  "x-f5xc-required-for": {
1054
1081
  "minimum_config": false,
@@ -1058,6 +1085,7 @@
1058
1085
  }
1059
1086
  }
1060
1087
  },
1088
+ "x-f5xc-description-short": "GET suggested Open API specification validation for a given path.",
1061
1089
  "x-f5xc-minimum-configuration": {
1062
1090
  "description": "Minimum configuration for app_securityGetSuggestedOasValidationRuleReq",
1063
1091
  "required_fields": [
@@ -1092,6 +1120,7 @@
1092
1120
  "$ref": "#/components/schemas/schemaEmpty"
1093
1121
  }
1094
1122
  },
1123
+ "x-f5xc-description-short": "GET suggested Open API specification validation for a given path.",
1095
1124
  "x-f5xc-minimum-configuration": {
1096
1125
  "description": "Minimum configuration for app_securityGetSuggestedOasValidationRuleRsp",
1097
1126
  "required_fields": [
@@ -1123,6 +1152,7 @@
1123
1152
  "x-displayname": "HTTP Load Balancer Name.",
1124
1153
  "x-ves-example": "VES-I/O-frontend.",
1125
1154
  "x-f5xc-example": "ves-io-frontend",
1155
+ "x-f5xc-description-short": "HTTP load balancer for which this rate limit rule applied.",
1126
1156
  "minLength": 0,
1127
1157
  "maxLength": 16,
1128
1158
  "x-f5xc-required-for": {
@@ -1133,7 +1163,7 @@
1133
1163
  },
1134
1164
  "x-original-maxLength": 1024,
1135
1165
  "x-reconciled-from-discovery": true,
1136
- "x-reconciled-at": "2026-01-05T18:28:44.310389+00:00"
1166
+ "x-reconciled-at": "2026-01-07T15:27:53.792907+00:00"
1137
1167
  },
1138
1168
  "namespace": {
1139
1169
  "type": "string",
@@ -1142,6 +1172,7 @@
1142
1172
  "x-displayname": "Namespace",
1143
1173
  "x-ves-example": "Shared",
1144
1174
  "x-f5xc-example": "shared",
1175
+ "x-f5xc-description-short": "Namespace of the App type for current request.",
1145
1176
  "minLength": 0,
1146
1177
  "maxLength": 6,
1147
1178
  "x-f5xc-required-for": {
@@ -1152,7 +1183,7 @@
1152
1183
  },
1153
1184
  "x-original-maxLength": 1024,
1154
1185
  "x-reconciled-from-discovery": true,
1155
- "x-reconciled-at": "2026-01-05T18:28:44.310393+00:00"
1186
+ "x-reconciled-at": "2026-01-07T15:27:53.792912+00:00"
1156
1187
  },
1157
1188
  "path": {
1158
1189
  "type": "string",
@@ -1173,6 +1204,7 @@
1173
1204
  "ves.io.schema.rules.string.max_len": "1024",
1174
1205
  "ves.io.schema.rules.string.templated_http_path": "true"
1175
1206
  },
1207
+ "x-f5xc-description-short": "Path to apply the rate limit to Required: YES.",
1176
1208
  "minLength": 0,
1177
1209
  "x-f5xc-required-for": {
1178
1210
  "minimum_config": false,
@@ -1182,6 +1214,7 @@
1182
1214
  }
1183
1215
  }
1184
1216
  },
1217
+ "x-f5xc-description-short": "GET suggested rate limit rule for a given path.",
1185
1218
  "x-f5xc-minimum-configuration": {
1186
1219
  "description": "Minimum configuration for app_securityGetSuggestedRateLimitRuleReq",
1187
1220
  "required_fields": [
@@ -1211,6 +1244,7 @@
1211
1244
  "$ref": "#/components/schemas/common_wafApiEndpointRule"
1212
1245
  }
1213
1246
  },
1247
+ "x-f5xc-description-short": "GET suggested rate limit rule for a given path.",
1214
1248
  "x-f5xc-minimum-configuration": {
1215
1249
  "description": "Minimum configuration for app_securityGetSuggestedRateLimitRuleRsp",
1216
1250
  "required_fields": [
@@ -1241,6 +1275,7 @@
1241
1275
  "x-displayname": "HTTP Load Balancer Name.",
1242
1276
  "x-ves-example": "VES-I/O-frontend.",
1243
1277
  "x-f5xc-example": "ves-io-frontend",
1278
+ "x-f5xc-description-short": "HTTP load balancer for which this sensitive data rule applied.",
1244
1279
  "minLength": 0,
1245
1280
  "maxLength": 16,
1246
1281
  "x-f5xc-required-for": {
@@ -1251,7 +1286,7 @@
1251
1286
  },
1252
1287
  "x-original-maxLength": 1024,
1253
1288
  "x-reconciled-from-discovery": true,
1254
- "x-reconciled-at": "2026-01-05T18:28:44.310404+00:00"
1289
+ "x-reconciled-at": "2026-01-07T15:27:53.792922+00:00"
1255
1290
  },
1256
1291
  "namespace": {
1257
1292
  "type": "string",
@@ -1260,6 +1295,7 @@
1260
1295
  "x-displayname": "Namespace",
1261
1296
  "x-ves-example": "Shared",
1262
1297
  "x-f5xc-example": "shared",
1298
+ "x-f5xc-description-short": "Namespace of the App type for current request.",
1263
1299
  "minLength": 0,
1264
1300
  "maxLength": 6,
1265
1301
  "x-f5xc-required-for": {
@@ -1270,7 +1306,7 @@
1270
1306
  },
1271
1307
  "x-original-maxLength": 1024,
1272
1308
  "x-reconciled-from-discovery": true,
1273
- "x-reconciled-at": "2026-01-05T18:28:44.310408+00:00"
1309
+ "x-reconciled-at": "2026-01-07T15:27:53.792927+00:00"
1274
1310
  },
1275
1311
  "path": {
1276
1312
  "type": "string",
@@ -1291,6 +1327,7 @@
1291
1327
  "ves.io.schema.rules.string.max_len": "1024",
1292
1328
  "ves.io.schema.rules.string.templated_http_path": "true"
1293
1329
  },
1330
+ "x-f5xc-description-short": "Path to apply the senstive data to Required: YES.",
1294
1331
  "minLength": 0,
1295
1332
  "x-f5xc-required-for": {
1296
1333
  "minimum_config": false,
@@ -1300,6 +1337,7 @@
1300
1337
  }
1301
1338
  }
1302
1339
  },
1340
+ "x-f5xc-description-short": "GET suggested sensitive data rule for a given path.",
1303
1341
  "x-f5xc-minimum-configuration": {
1304
1342
  "description": "Minimum configuration for app_securityGetSuggestedSensitiveDataRuleReq",
1305
1343
  "required_fields": [
@@ -1329,6 +1367,7 @@
1329
1367
  "$ref": "#/components/schemas/http_loadbalancerSensitiveDataTypes"
1330
1368
  }
1331
1369
  },
1370
+ "x-f5xc-description-short": "GET suggested sensitive data rule for a given path.",
1332
1371
  "x-f5xc-minimum-configuration": {
1333
1372
  "description": "Minimum configuration for app_securityGetSuggestedSensitiveDataRuleRsp",
1334
1373
  "required_fields": [
@@ -1390,6 +1429,7 @@
1390
1429
  "ves.io.schema.rules.uint32.gte": "0",
1391
1430
  "ves.io.schema.rules.uint32.lte": "401308"
1392
1431
  },
1432
+ "x-f5xc-description-short": "RFC 6793 defined 4-byte AS number Required: YES.",
1393
1433
  "minimum": 0,
1394
1434
  "maximum": 2147483647,
1395
1435
  "x-f5xc-required-for": {
@@ -1432,6 +1472,7 @@
1432
1472
  "x-displayname": "IP Reputation Security Event.",
1433
1473
  "x-ves-example": "True",
1434
1474
  "x-f5xc-example": "true",
1475
+ "x-f5xc-description-short": "Indicates whether the security event is IP reputation.",
1435
1476
  "x-f5xc-required-for": {
1436
1477
  "minimum_config": false,
1437
1478
  "create": false,
@@ -1446,6 +1487,7 @@
1446
1487
  "x-displayname": "HTTP Load Balancer Name.",
1447
1488
  "x-ves-example": "VES-I/O-frontend.",
1448
1489
  "x-f5xc-example": "ves-io-frontend",
1490
+ "x-f5xc-description-short": "HTTP load balancer for which this client blocking rule will be applied.",
1449
1491
  "minLength": 0,
1450
1492
  "maxLength": 16,
1451
1493
  "x-f5xc-required-for": {
@@ -1456,7 +1498,7 @@
1456
1498
  },
1457
1499
  "x-original-maxLength": 1024,
1458
1500
  "x-reconciled-from-discovery": true,
1459
- "x-reconciled-at": "2026-01-05T18:28:44.310422+00:00"
1501
+ "x-reconciled-at": "2026-01-07T15:27:53.792941+00:00"
1460
1502
  },
1461
1503
  "namespace": {
1462
1504
  "type": "string",
@@ -1465,6 +1507,7 @@
1465
1507
  "x-displayname": "Namespace",
1466
1508
  "x-ves-example": "Shared",
1467
1509
  "x-f5xc-example": "shared",
1510
+ "x-f5xc-description-short": "Namespace of the App type for current request.",
1468
1511
  "minLength": 0,
1469
1512
  "maxLength": 6,
1470
1513
  "x-f5xc-required-for": {
@@ -1475,7 +1518,7 @@
1475
1518
  },
1476
1519
  "x-original-maxLength": 1024,
1477
1520
  "x-reconciled-from-discovery": true,
1478
- "x-reconciled-at": "2026-01-05T18:28:44.310427+00:00"
1521
+ "x-reconciled-at": "2026-01-07T15:27:53.792946+00:00"
1479
1522
  },
1480
1523
  "sec_event_name": {
1481
1524
  "type": "string",
@@ -1512,6 +1555,7 @@
1512
1555
  "ves.io.schema.rules.repeated.max_items": "4",
1513
1556
  "ves.io.schema.rules.repeated.unique": "true"
1514
1557
  },
1558
+ "x-f5xc-description-short": "List of Security Event types that should stop being generated for this client.",
1515
1559
  "x-f5xc-required-for": {
1516
1560
  "minimum_config": false,
1517
1561
  "create": false,
@@ -1527,6 +1571,7 @@
1527
1571
  "x-displayname": "Threat Mesh Security Event.",
1528
1572
  "x-ves-example": "True",
1529
1573
  "x-f5xc-example": "true",
1574
+ "x-f5xc-description-short": "Indicates whether the security event is threat mesh.",
1530
1575
  "x-f5xc-required-for": {
1531
1576
  "minimum_config": false,
1532
1577
  "create": false,
@@ -1558,6 +1603,7 @@
1558
1603
  "x-field-mutability": "read-only"
1559
1604
  }
1560
1605
  },
1606
+ "x-f5xc-description-short": "GET suggested blocking SimpleClientSrcRule for a given IP/ASN.",
1561
1607
  "x-f5xc-minimum-configuration": {
1562
1608
  "description": "Minimum configuration for app_securityGetSuggestedTrustClientRuleReq",
1563
1609
  "required_fields": [
@@ -1596,6 +1642,7 @@
1596
1642
  "x-displayname": "HTTP Load Balancer Name.",
1597
1643
  "x-ves-example": "VES-I/O-frontend.",
1598
1644
  "x-f5xc-example": "ves-io-frontend",
1645
+ "x-f5xc-description-short": "HTTP load balancer for which this client rule will be applied.",
1599
1646
  "minLength": 0,
1600
1647
  "maxLength": 16,
1601
1648
  "x-f5xc-required-for": {
@@ -1606,12 +1653,13 @@
1606
1653
  },
1607
1654
  "x-original-maxLength": 1024,
1608
1655
  "x-reconciled-from-discovery": true,
1609
- "x-reconciled-at": "2026-01-05T18:28:44.310439+00:00"
1656
+ "x-reconciled-at": "2026-01-07T15:27:53.792957+00:00"
1610
1657
  },
1611
1658
  "rule": {
1612
1659
  "$ref": "#/components/schemas/common_wafSimpleClientSrcRule"
1613
1660
  }
1614
1661
  },
1662
+ "x-f5xc-description-short": "GET suggested SimpleClientSrcRule to trust a given IP/ASN.",
1615
1663
  "x-f5xc-minimum-configuration": {
1616
1664
  "description": "Minimum configuration for app_securityGetSuggestedTrustClientRuleRsp",
1617
1665
  "required_fields": [
@@ -1662,7 +1710,7 @@
1662
1710
  "x-original-maxLength": 256,
1663
1711
  "format": "hostname",
1664
1712
  "x-reconciled-from-discovery": true,
1665
- "x-reconciled-at": "2026-01-05T18:28:44.310448+00:00"
1713
+ "x-reconciled-at": "2026-01-07T15:27:53.792967+00:00"
1666
1714
  },
1667
1715
  "exclude_bot_names": {
1668
1716
  "type": "array",
@@ -1683,6 +1731,7 @@
1683
1731
  "ves.io.schema.rules.repeated.max_items": "64",
1684
1732
  "ves.io.schema.rules.repeated.unique": "true"
1685
1733
  },
1734
+ "x-f5xc-description-short": "Bot name contexts to be excluded for this request.",
1686
1735
  "x-f5xc-required-for": {
1687
1736
  "minimum_config": false,
1688
1737
  "create": false,
@@ -1709,6 +1758,7 @@
1709
1758
  "ves.io.schema.rules.repeated.max_items": "1024",
1710
1759
  "ves.io.schema.rules.repeated.unique": "true"
1711
1760
  },
1761
+ "x-f5xc-description-short": "App Firewall signature contexts to be excluded for this request.",
1712
1762
  "x-f5xc-required-for": {
1713
1763
  "minimum_config": false,
1714
1764
  "create": false,
@@ -1735,6 +1785,7 @@
1735
1785
  "ves.io.schema.rules.repeated.max_items": "64",
1736
1786
  "ves.io.schema.rules.repeated.unique": "true"
1737
1787
  },
1788
+ "x-f5xc-description-short": "App Firewall violation contexts to be excluded for this request.",
1738
1789
  "x-f5xc-required-for": {
1739
1790
  "minimum_config": false,
1740
1791
  "create": false,
@@ -1749,6 +1800,7 @@
1749
1800
  "x-displayname": "HTTP Load Balancer Name.",
1750
1801
  "x-ves-example": "VES-I/O-frontend.",
1751
1802
  "x-f5xc-example": "ves-io-frontend",
1803
+ "x-f5xc-description-short": "HTTP load balancer for which this WAF exclusion will be applied.",
1752
1804
  "minLength": 0,
1753
1805
  "maxLength": 16,
1754
1806
  "x-f5xc-required-for": {
@@ -1759,7 +1811,7 @@
1759
1811
  },
1760
1812
  "x-original-maxLength": 1024,
1761
1813
  "x-reconciled-from-discovery": true,
1762
- "x-reconciled-at": "2026-01-05T18:28:44.310458+00:00"
1814
+ "x-reconciled-at": "2026-01-07T15:27:53.792976+00:00"
1763
1815
  },
1764
1816
  "namespace": {
1765
1817
  "type": "string",
@@ -1768,6 +1820,7 @@
1768
1820
  "x-displayname": "Namespace",
1769
1821
  "x-ves-example": "Shared",
1770
1822
  "x-f5xc-example": "shared",
1823
+ "x-f5xc-description-short": "Namespace of the App type for current request.",
1771
1824
  "minLength": 0,
1772
1825
  "maxLength": 6,
1773
1826
  "x-f5xc-required-for": {
@@ -1778,7 +1831,7 @@
1778
1831
  },
1779
1832
  "x-original-maxLength": 1024,
1780
1833
  "x-reconciled-from-discovery": true,
1781
- "x-reconciled-at": "2026-01-05T18:28:44.310463+00:00"
1834
+ "x-reconciled-at": "2026-01-07T15:27:53.792981+00:00"
1782
1835
  },
1783
1836
  "req_path": {
1784
1837
  "type": "string",
@@ -1815,6 +1868,7 @@
1815
1868
  "x-validation-rules": {
1816
1869
  "ves.io.schema.rules.string.pattern": "^$|^[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}$"
1817
1870
  },
1871
+ "x-f5xc-description-short": "Unique identifier for the request route.",
1818
1872
  "minLength": 0,
1819
1873
  "maxLength": 1024,
1820
1874
  "x-f5xc-required-for": {
@@ -1825,6 +1879,7 @@
1825
1879
  }
1826
1880
  }
1827
1881
  },
1882
+ "x-f5xc-description-short": "GET suggested service policy rule to set up WAF rule exclusion for a given WAF security event.",
1828
1883
  "x-f5xc-minimum-configuration": {
1829
1884
  "description": "Minimum configuration for app_securityGetSuggestedWAFExclusionRuleReq",
1830
1885
  "required_fields": [
@@ -1862,6 +1917,7 @@
1862
1917
  "x-displayname": "HTTP Load Balancer Name.",
1863
1918
  "x-ves-example": "VES-I/O-frontend.",
1864
1919
  "x-f5xc-example": "ves-io-frontend",
1920
+ "x-f5xc-description-short": "HTTP load balancer for which this WAF exclusion will be applied.",
1865
1921
  "minLength": 0,
1866
1922
  "maxLength": 16,
1867
1923
  "x-f5xc-required-for": {
@@ -1872,7 +1928,7 @@
1872
1928
  },
1873
1929
  "x-original-maxLength": 1024,
1874
1930
  "x-reconciled-from-discovery": true,
1875
- "x-reconciled-at": "2026-01-05T18:28:44.310472+00:00"
1931
+ "x-reconciled-at": "2026-01-07T15:27:53.792990+00:00"
1876
1932
  },
1877
1933
  "waf_exclusion_policy": {
1878
1934
  "$ref": "#/components/schemas/schemaviewsObjectRefType"
@@ -1881,6 +1937,7 @@
1881
1937
  "$ref": "#/components/schemas/policySimpleWafExclusionRule"
1882
1938
  }
1883
1939
  },
1940
+ "x-f5xc-description-short": "GET suggested service policy rule to set up WAF rule exclusion for a given WAF security event.",
1884
1941
  "x-f5xc-minimum-configuration": {
1885
1942
  "description": "Minimum configuration for app_securityGetSuggestedWAFExclusionRuleRsp",
1886
1943
  "required_fields": [
@@ -1920,7 +1977,7 @@
1920
1977
  },
1921
1978
  "x-original-maxLength": 1024,
1922
1979
  "x-reconciled-from-discovery": true,
1923
- "x-reconciled-at": "2026-01-05T18:28:44.310479+00:00"
1980
+ "x-reconciled-at": "2026-01-07T15:27:53.792998+00:00"
1924
1981
  },
1925
1982
  "namespace": {
1926
1983
  "type": "string",
@@ -1939,7 +1996,7 @@
1939
1996
  },
1940
1997
  "x-original-maxLength": 1024,
1941
1998
  "x-reconciled-from-discovery": true,
1942
- "x-reconciled-at": "2026-01-05T18:28:44.310484+00:00"
1999
+ "x-reconciled-at": "2026-01-07T15:27:53.793002+00:00"
1943
2000
  },
1944
2001
  "request_data": {
1945
2002
  "$ref": "#/components/schemas/app_securityRequestData"
@@ -1948,6 +2005,7 @@
1948
2005
  "$ref": "#/components/schemas/app_securitySecurityEventsData"
1949
2006
  }
1950
2007
  },
2008
+ "x-f5xc-description-short": "List of virtual hosts in all the namespaces matching filter provided in the request.",
1951
2009
  "x-f5xc-minimum-configuration": {
1952
2010
  "description": "Minimum configuration for app_securityLoadbalancerData",
1953
2011
  "required_fields": [
@@ -1976,6 +2034,7 @@
1976
2034
  "format": "uint64",
1977
2035
  "x-displayname": "Count",
1978
2036
  "x-f5xc-example": "15",
2037
+ "x-f5xc-description-short": "The number of requests matching the filter for virtual host in the given namespace.",
1979
2038
  "minLength": 0,
1980
2039
  "maxLength": 1024,
1981
2040
  "x-f5xc-required-for": {
@@ -1993,6 +2052,7 @@
1993
2052
  "x-displayname": "Maximum time.",
1994
2053
  "x-ves-example": "01-01-1970T00:00:00Z.",
1995
2054
  "x-f5xc-example": "01-01-1970T00:00:00Z",
2055
+ "x-f5xc-description-short": "Maximum time at which request ID was found.",
1996
2056
  "minLength": 0,
1997
2057
  "maxLength": 1024,
1998
2058
  "x-f5xc-required-for": {
@@ -2010,6 +2070,7 @@
2010
2070
  "x-displayname": "Minimum time.",
2011
2071
  "x-ves-example": "01-01-1970T00:00:00Z.",
2012
2072
  "x-f5xc-example": "01-01-1970T00:00:00Z",
2073
+ "x-f5xc-description-short": "Minimum time at which the request ID was found.",
2013
2074
  "minLength": 0,
2014
2075
  "maxLength": 1024,
2015
2076
  "x-f5xc-required-for": {
@@ -2073,9 +2134,10 @@
2073
2134
  "maxLength": 15,
2074
2135
  "minLength": 3,
2075
2136
  "x-reconciled-from-discovery": true,
2076
- "x-reconciled-at": "2026-01-05T18:28:44.310500+00:00"
2137
+ "x-reconciled-at": "2026-01-07T15:27:53.793018+00:00"
2077
2138
  }
2078
2139
  },
2140
+ "x-f5xc-description-short": "Metric label filter can be specified to query specific metrics based on label match.",
2079
2141
  "x-f5xc-minimum-configuration": {
2080
2142
  "description": "Minimum configuration for app_securitySearchFilter",
2081
2143
  "required_fields": [
@@ -2101,6 +2163,7 @@
2101
2163
  "default": "REQUEST_ID",
2102
2164
  "x-displayname": "Search Label for VH List API.",
2103
2165
  "x-ves-proto-enum": "ves.io.schema.app_security.SearchLabel",
2166
+ "x-f5xc-description-short": "List of Virtual Hosts will be returned matching the following labels.",
2104
2167
  "x-f5xc-minimum-configuration": {
2105
2168
  "description": "Minimum configuration for app_securitySearchLabel",
2106
2169
  "required_fields": [],
@@ -2155,6 +2218,8 @@
2155
2218
  "x-validation-rules": {
2156
2219
  "ves.io.schema.rules.repeated.max_items": "5"
2157
2220
  },
2221
+ "x-f5xc-description-short": "List of label filter expressions of the form \"label\" \"value\". Response will only contain data that matches all the conditions specified in the .",
2222
+ "x-f5xc-description-medium": "List of label filter expressions of the form \"label\" \"value\". Response will only contain data that matches all the conditions specified in the . One or more of the following labels can be specified in the label_filter. , `.",
2158
2223
  "x-f5xc-required-for": {
2159
2224
  "minimum_config": false,
2160
2225
  "create": false,
@@ -2169,6 +2234,7 @@
2169
2234
  "x-displayname": "Namespace",
2170
2235
  "x-ves-example": "Shared",
2171
2236
  "x-f5xc-example": "shared",
2237
+ "x-f5xc-description-short": "Namespace of the App type for current request.",
2172
2238
  "minLength": 0,
2173
2239
  "maxLength": 6,
2174
2240
  "x-f5xc-required-for": {
@@ -2179,9 +2245,11 @@
2179
2245
  },
2180
2246
  "x-original-maxLength": 1024,
2181
2247
  "x-reconciled-from-discovery": true,
2182
- "x-reconciled-at": "2026-01-05T18:28:44.310507+00:00"
2248
+ "x-reconciled-at": "2026-01-07T15:27:53.793025+00:00"
2183
2249
  }
2184
2250
  },
2251
+ "x-f5xc-description-short": "GET a list of virtual hosts in all the namespaces matching filter provided in the request.",
2252
+ "x-f5xc-description-medium": "GET a list of virtual hosts in all the namespaces matching filter provided in the request. The filter can be a) Request ID b) Source IP.",
2185
2253
  "x-f5xc-minimum-configuration": {
2186
2254
  "description": "Minimum configuration for app_securitySearchLoadBalancersRequest",
2187
2255
  "required_fields": [
@@ -2212,6 +2280,7 @@
2212
2280
  "x-displayname": "HTTP Load Balancer List.",
2213
2281
  "x-ves-example": "[VES-I/O-frontend\", \"ns1\" , \"1\", \"0\"]",
2214
2282
  "x-f5xc-example": "\"[ves-io-frontend\", \"ns1\" , \"1\", \"0\"]\"",
2283
+ "x-f5xc-description-short": "HTTP load balancer list for which the SearchFilter is applied.",
2215
2284
  "x-f5xc-required-for": {
2216
2285
  "minimum_config": false,
2217
2286
  "create": false,
@@ -2220,6 +2289,7 @@
2220
2289
  }
2221
2290
  }
2222
2291
  },
2292
+ "x-f5xc-description-short": "List of virtual hosts in all the namespaces matching filter provided in the request.",
2223
2293
  "x-f5xc-minimum-configuration": {
2224
2294
  "description": "Minimum configuration for app_securitySearchLoadBalancersResponse",
2225
2295
  "required_fields": [
@@ -2251,6 +2321,7 @@
2251
2321
  "default": "WAF_SEC_EVENT",
2252
2322
  "x-displayname": "Security Event Type.",
2253
2323
  "x-ves-proto-enum": "ves.io.schema.app_security.SecEventType",
2324
+ "x-f5xc-description-short": "Security event can be one of the following types.",
2254
2325
  "x-f5xc-minimum-configuration": {
2255
2326
  "description": "Minimum configuration for app_securitySecEventType",
2256
2327
  "required_fields": [],
@@ -2273,6 +2344,8 @@
2273
2344
  "description": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.\nThe aggregations are key'ed by user-defined aggregation name. The response will be key'ed with the same name.\nOptional.",
2274
2345
  "title": "Aggregations.",
2275
2346
  "x-displayname": "Aggregations.",
2347
+ "x-f5xc-description-short": "Aggregations provide summary/analytics data over the security events response.",
2348
+ "x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key'ed by...",
2276
2349
  "x-f5xc-required-for": {
2277
2350
  "minimum_config": false,
2278
2351
  "create": false,
@@ -2293,6 +2366,8 @@
2293
2366
  "x-validation-rules": {
2294
2367
  "ves.io.schema.rules.string.query_time": "true"
2295
2368
  },
2369
+ "x-f5xc-description-short": "Fetch security events whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated...",
2370
+ "x-f5xc-description-medium": "Fetch security events whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
2296
2371
  "minLength": 0,
2297
2372
  "maxLength": 1024,
2298
2373
  "x-f5xc-required-for": {
@@ -2309,6 +2384,7 @@
2309
2384
  "x-displayname": "Namespace",
2310
2385
  "x-ves-example": "Bloggin-app-namespace-1.",
2311
2386
  "x-f5xc-example": "bloggin-app-namespace-1",
2387
+ "x-f5xc-description-short": "Fetch security events for a given namespace.",
2312
2388
  "minLength": 0,
2313
2389
  "maxLength": 6,
2314
2390
  "x-f5xc-required-for": {
@@ -2319,7 +2395,7 @@
2319
2395
  },
2320
2396
  "x-original-maxLength": 1024,
2321
2397
  "x-reconciled-from-discovery": true,
2322
- "x-reconciled-at": "2026-01-05T18:28:44.310518+00:00"
2398
+ "x-reconciled-at": "2026-01-07T15:27:53.793036+00:00"
2323
2399
  },
2324
2400
  "query": {
2325
2401
  "type": "string",
@@ -2328,6 +2404,8 @@
2328
2404
  "x-displayname": "Query",
2329
2405
  "x-ves-example": "Query={app_type=\"blogging_app\"}",
2330
2406
  "x-f5xc-example": "\"query={app_type=\"blogging_app\"}\"",
2407
+ "x-f5xc-description-short": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> :=...",
2408
+ "x-f5xc-description-medium": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> := string One or more of these fields in the security event may be specified in the query. Vh_name - name of the virtual host src_site - source site city ...",
2331
2409
  "minLength": 0,
2332
2410
  "maxLength": 1024,
2333
2411
  "x-f5xc-required-for": {
@@ -2350,6 +2428,8 @@
2350
2428
  "x-validation-rules": {
2351
2429
  "ves.io.schema.rules.string.query_time": "true"
2352
2430
  },
2431
+ "x-f5xc-description-short": "Fetch security events whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be...",
2432
+ "x-f5xc-description-medium": "Fetch security events whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
2353
2433
  "minLength": 0,
2354
2434
  "maxLength": 1024,
2355
2435
  "x-f5xc-required-for": {
@@ -2360,6 +2440,7 @@
2360
2440
  }
2361
2441
  }
2362
2442
  },
2443
+ "x-f5xc-description-short": "Request to GET only aggregation data for security events.",
2363
2444
  "x-f5xc-minimum-configuration": {
2364
2445
  "description": "Minimum configuration for app_securitySecurityEventsAggregationRequest",
2365
2446
  "required_fields": [
@@ -2388,6 +2469,8 @@
2388
2469
  "description": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.\nThe aggregation data is key'ed with the aggregation name specified in the request.",
2389
2470
  "title": "Aggregations.",
2390
2471
  "x-displayname": "Aggregations.",
2472
+ "x-f5xc-description-short": "Aggregations provide summary/analytics data over the security events response.",
2473
+ "x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregation data is key'ed with the...",
2391
2474
  "x-f5xc-required-for": {
2392
2475
  "minimum_config": false,
2393
2476
  "create": false,
@@ -2403,6 +2486,7 @@
2403
2486
  "x-displayname": "Total Hits.",
2404
2487
  "x-ves-example": "0",
2405
2488
  "x-f5xc-example": "0",
2489
+ "x-f5xc-description-short": "Total number of security events that matched the query.",
2406
2490
  "minLength": 0,
2407
2491
  "maxLength": 1024,
2408
2492
  "x-f5xc-required-for": {
@@ -2413,6 +2497,7 @@
2413
2497
  }
2414
2498
  }
2415
2499
  },
2500
+ "x-f5xc-description-short": "Response message for SecurityEventsAggregationRequest.",
2416
2501
  "x-f5xc-minimum-configuration": {
2417
2502
  "description": "Minimum configuration for app_securitySecurityEventsAggregationResponse",
2418
2503
  "required_fields": [
@@ -2446,6 +2531,8 @@
2446
2531
  "x-validation-rules": {
2447
2532
  "ves.io.schema.rules.string.query_time": "true"
2448
2533
  },
2534
+ "x-f5xc-description-short": "End time of metric collection from which data will be considered.",
2535
+ "x-f5xc-description-medium": "End time of metric collection from which data will be considered. Format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
2449
2536
  "minLength": 0,
2450
2537
  "maxLength": 1024,
2451
2538
  "x-f5xc-required-for": {
@@ -2463,6 +2550,8 @@
2463
2550
  "$ref": "#/components/schemas/metricsSecurityMetricLabel"
2464
2551
  },
2465
2552
  "x-displayname": "Group By",
2553
+ "x-f5xc-description-short": "Aggregate data by one or more labels listed here. , , , , . Optional: If not specified, then the security events are aggregated/grouped by , .",
2554
+ "x-f5xc-description-medium": "Aggregate data by one or more labels listed here. , , , , . Optional: If not specified, then the security events are aggregated/grouped by , .",
2466
2555
  "x-f5xc-required-for": {
2467
2556
  "minimum_config": false,
2468
2557
  "create": false,
@@ -2478,6 +2567,8 @@
2478
2567
  "$ref": "#/components/schemas/metricsSecurityMetricLabelFilter"
2479
2568
  },
2480
2569
  "x-displayname": "Label Filter.",
2570
+ "x-f5xc-description-short": "List of label filter expressions of the form \"label\" \"value\". Response will only contain data that matches all the conditions specified in the .",
2571
+ "x-f5xc-description-medium": "List of label filter expressions of the form \"label\" \"value\". Response will only contain data that matches all the conditions specified in the . One or more of the following labels can be specified in the label_filter. , , , .",
2481
2572
  "x-f5xc-required-for": {
2482
2573
  "minimum_config": false,
2483
2574
  "create": false,
@@ -2492,6 +2583,7 @@
2492
2583
  "x-displayname": "Namespace",
2493
2584
  "x-ves-example": "Bloggin-app-namespace-1.",
2494
2585
  "x-f5xc-example": "bloggin-app-namespace-1",
2586
+ "x-f5xc-description-short": "Namespace is used to scope the security events for the given namespace.",
2495
2587
  "minLength": 0,
2496
2588
  "maxLength": 6,
2497
2589
  "x-f5xc-required-for": {
@@ -2502,7 +2594,7 @@
2502
2594
  },
2503
2595
  "x-original-maxLength": 1024,
2504
2596
  "x-reconciled-from-discovery": true,
2505
- "x-reconciled-at": "2026-01-05T18:28:44.310533+00:00"
2597
+ "x-reconciled-at": "2026-01-07T15:27:53.793052+00:00"
2506
2598
  },
2507
2599
  "start_time": {
2508
2600
  "type": "string",
@@ -2517,6 +2609,8 @@
2517
2609
  "x-validation-rules": {
2518
2610
  "ves.io.schema.rules.string.query_time": "true"
2519
2611
  },
2612
+ "x-f5xc-description-short": "Start time of metric collection from which data will be considered.",
2613
+ "x-f5xc-description-medium": "Start time of metric collection from which data will be considered. Format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
2520
2614
  "minLength": 0,
2521
2615
  "maxLength": 1024,
2522
2616
  "x-f5xc-required-for": {
@@ -2539,6 +2633,8 @@
2539
2633
  "x-validation-rules": {
2540
2634
  "ves.io.schema.rules.string.query_step": "true"
2541
2635
  },
2636
+ "x-f5xc-description-short": "Step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response.",
2637
+ "x-f5xc-description-medium": "Step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response. The timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.",
2542
2638
  "minLength": 0,
2543
2639
  "maxLength": 1024,
2544
2640
  "x-f5xc-required-for": {
@@ -2549,6 +2645,7 @@
2549
2645
  }
2550
2646
  }
2551
2647
  },
2648
+ "x-f5xc-description-short": "Request to GET number of security events for a given namespace.",
2552
2649
  "x-f5xc-minimum-configuration": {
2553
2650
  "description": "Minimum configuration for app_securitySecurityEventsCountRequest",
2554
2651
  "required_fields": [
@@ -2581,6 +2678,7 @@
2581
2678
  "$ref": "#/components/schemas/metricsSecurityEventsCounter"
2582
2679
  },
2583
2680
  "x-displayname": "Security events counter data.",
2681
+ "x-f5xc-example": "{\"key\": \"value\"}",
2584
2682
  "x-f5xc-required-for": {
2585
2683
  "minimum_config": false,
2586
2684
  "create": false,
@@ -2601,6 +2699,8 @@
2601
2699
  "x-validation-rules": {
2602
2700
  "ves.io.schema.rules.string.time_interval": "true"
2603
2701
  },
2702
+ "x-f5xc-description-short": "Actual step size used in the response. It could be higher than the requested step due to metric rollups and the query duration.",
2703
+ "x-f5xc-description-medium": "Actual step size used in the response. It could be higher than the requested step due to metric rollups and the query duration. Format: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days.",
2604
2704
  "minLength": 0,
2605
2705
  "maxLength": 1024,
2606
2706
  "x-f5xc-required-for": {
@@ -2611,6 +2711,8 @@
2611
2711
  }
2612
2712
  }
2613
2713
  },
2714
+ "x-f5xc-description-short": "Number of security events for each unique combination of group_by labels in the SecurityEventsCountRequest.",
2715
+ "x-f5xc-description-medium": "Number of security events for each unique combination of group_by labels in the SecurityEventsCountRequest.",
2614
2716
  "x-f5xc-minimum-configuration": {
2615
2717
  "description": "Minimum configuration for app_securitySecurityEventsCountResponse",
2616
2718
  "required_fields": [
@@ -2637,6 +2739,7 @@
2637
2739
  "format": "uint64",
2638
2740
  "x-displayname": "Count",
2639
2741
  "x-f5xc-example": "15",
2742
+ "x-f5xc-description-short": "The number of security events for virtual host in the given namespace.",
2640
2743
  "minLength": 0,
2641
2744
  "maxLength": 1024,
2642
2745
  "x-f5xc-required-for": {
@@ -2654,6 +2757,7 @@
2654
2757
  "x-displayname": "Maximum time.",
2655
2758
  "x-ves-example": "01-01-1970T00:00:00Z.",
2656
2759
  "x-f5xc-example": "01-01-1970T00:00:00Z",
2760
+ "x-f5xc-description-short": "Maximum start time at which security event was found.",
2657
2761
  "minLength": 0,
2658
2762
  "maxLength": 1024,
2659
2763
  "x-f5xc-required-for": {
@@ -2671,6 +2775,7 @@
2671
2775
  "x-displayname": "Minimum time.",
2672
2776
  "x-ves-example": "01-01-1970T00:00:00Z.",
2673
2777
  "x-f5xc-example": "01-01-1970T00:00:00Z",
2778
+ "x-f5xc-description-short": "Minimum time at which the secuirty event was found.",
2674
2779
  "minLength": 0,
2675
2780
  "maxLength": 1024,
2676
2781
  "x-f5xc-required-for": {
@@ -2707,6 +2812,8 @@
2707
2812
  "description": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.\nThe aggregations are key'ed by user-defined aggregation name. The response will be key'ed with the same name.\nOptional.",
2708
2813
  "title": "Aggregations.",
2709
2814
  "x-displayname": "Aggregations.",
2815
+ "x-f5xc-description-short": "Aggregations provide summary/analytics data over the security events response.",
2816
+ "x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key'ed by...",
2710
2817
  "x-f5xc-required-for": {
2711
2818
  "minimum_config": false,
2712
2819
  "create": false,
@@ -2727,6 +2834,8 @@
2727
2834
  "x-validation-rules": {
2728
2835
  "ves.io.schema.rules.string.query_time": "true"
2729
2836
  },
2837
+ "x-f5xc-description-short": "Fetch security events whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated...",
2838
+ "x-f5xc-description-medium": "Fetch security events whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
2730
2839
  "minLength": 0,
2731
2840
  "maxLength": 1024,
2732
2841
  "x-f5xc-required-for": {
@@ -2744,6 +2853,8 @@
2744
2853
  "x-displayname": "Limit",
2745
2854
  "x-ves-example": "100",
2746
2855
  "x-f5xc-example": "100",
2856
+ "x-f5xc-description-short": "Limits the number of security events returned in the response Optional: If not specified, first or last 500 security events that matches the query...",
2857
+ "x-f5xc-description-medium": "Limits the number of security events returned in the response Optional: If not specified, first or last 500 security events that matches the query (depending on the sort order) will be returned in the response. The maximum value for limit is 500.",
2747
2858
  "minimum": 0,
2748
2859
  "maximum": 2147483647,
2749
2860
  "x-f5xc-required-for": {
@@ -2760,6 +2871,7 @@
2760
2871
  "x-displayname": "Namespace",
2761
2872
  "x-ves-example": "Bloggin-app-namespace-1.",
2762
2873
  "x-f5xc-example": "bloggin-app-namespace-1",
2874
+ "x-f5xc-description-short": "Fetch security events for a given namespace.",
2763
2875
  "minLength": 0,
2764
2876
  "maxLength": 6,
2765
2877
  "x-f5xc-required-for": {
@@ -2770,7 +2882,7 @@
2770
2882
  },
2771
2883
  "x-original-maxLength": 1024,
2772
2884
  "x-reconciled-from-discovery": true,
2773
- "x-reconciled-at": "2026-01-05T18:28:44.310553+00:00"
2885
+ "x-reconciled-at": "2026-01-07T15:27:53.793072+00:00"
2774
2886
  },
2775
2887
  "query": {
2776
2888
  "type": "string",
@@ -2779,6 +2891,8 @@
2779
2891
  "x-displayname": "Query",
2780
2892
  "x-ves-example": "Query={app_type=\"blogging_app\"}",
2781
2893
  "x-f5xc-example": "\"query={app_type=\"blogging_app\"}\"",
2894
+ "x-f5xc-description-short": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> :=...",
2895
+ "x-f5xc-description-medium": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> := string One or more of these fields in the security event may be specified in the query. Vh_name - name of the virtual host src_site - source site city ...",
2782
2896
  "minLength": 0,
2783
2897
  "maxLength": 1024,
2784
2898
  "x-f5xc-required-for": {
@@ -2796,6 +2910,8 @@
2796
2910
  "x-displayname": "Scroll",
2797
2911
  "x-ves-example": "True",
2798
2912
  "x-f5xc-example": "true",
2913
+ "x-f5xc-description-short": "Scroll is used to retrieve large number of security events (or all security events) that matches the query.",
2914
+ "x-f5xc-description-medium": "Scroll is used to retrieve large number of security events (or all security events) that matches the query. If scroll is set to true, the scroll_id in the response can be used in the scroll API to fetch the next batch of security events until there are no more security events left to return. The...",
2799
2915
  "x-f5xc-required-for": {
2800
2916
  "minimum_config": false,
2801
2917
  "create": false,
@@ -2811,6 +2927,8 @@
2811
2927
  "description": "Optional: default is sort by last_event_time.",
2812
2928
  "title": "Sort by",
2813
2929
  "x-displayname": "Sort By",
2930
+ "x-f5xc-example": "{\"key\": \"value\"}",
2931
+ "x-f5xc-description-short": "Optional: default is sort by last_event_time.",
2814
2932
  "minLength": 0,
2815
2933
  "maxLength": 1024,
2816
2934
  "x-f5xc-required-for": {
@@ -2833,6 +2951,8 @@
2833
2951
  "x-validation-rules": {
2834
2952
  "ves.io.schema.rules.string.query_time": "true"
2835
2953
  },
2954
+ "x-f5xc-description-short": "Fetch security events whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be...",
2955
+ "x-f5xc-description-medium": "Fetch security events whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
2836
2956
  "minLength": 0,
2837
2957
  "maxLength": 1024,
2838
2958
  "x-f5xc-required-for": {
@@ -2875,6 +2995,8 @@
2875
2995
  "description": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.",
2876
2996
  "title": "Aggregations.",
2877
2997
  "x-displayname": "Aggregations.",
2998
+ "x-f5xc-description-short": "Aggregations provide summary/analytics data over the security events response.",
2999
+ "x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.",
2878
3000
  "x-f5xc-required-for": {
2879
3001
  "minimum_config": false,
2880
3002
  "create": false,
@@ -2892,6 +3014,7 @@
2892
3014
  "x-displayname": "Events",
2893
3015
  "x-ves-example": "Value",
2894
3016
  "x-f5xc-example": "value",
3017
+ "x-f5xc-description-short": "List of security events that matched the query. Contains no more than 500 messages.",
2895
3018
  "x-f5xc-required-for": {
2896
3019
  "minimum_config": false,
2897
3020
  "create": false,
@@ -2906,6 +3029,8 @@
2906
3029
  "x-displayname": "Scroll ID",
2907
3030
  "x-ves-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==.",
2908
3031
  "x-f5xc-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==",
3032
+ "x-f5xc-description-short": "Long Base-64 encoded string which can be used to retrieve the next batch of security events using the scroll request.",
3033
+ "x-f5xc-description-medium": "Long Base-64 encoded string which can be used to retrieve the next batch of security events using the scroll request. Empty scroll_id indicates no more messages to scroll (EOF).",
2909
3034
  "minLength": 0,
2910
3035
  "maxLength": 1024,
2911
3036
  "x-f5xc-required-for": {
@@ -2924,6 +3049,7 @@
2924
3049
  "x-displayname": "Total Hits.",
2925
3050
  "x-ves-example": "0",
2926
3051
  "x-f5xc-example": "0",
3052
+ "x-f5xc-description-short": "Total number of security events that matched the query.",
2927
3053
  "minLength": 0,
2928
3054
  "maxLength": 1024,
2929
3055
  "x-f5xc-required-for": {
@@ -2934,6 +3060,7 @@
2934
3060
  }
2935
3061
  }
2936
3062
  },
3063
+ "x-f5xc-description-short": "Response message for SecurityEventsRequest/SecurityEventsScrollRequest.",
2937
3064
  "x-f5xc-minimum-configuration": {
2938
3065
  "description": "Minimum configuration for app_securitySecurityEventsResponse",
2939
3066
  "required_fields": [
@@ -2963,6 +3090,7 @@
2963
3090
  "x-displayname": "Namespace",
2964
3091
  "x-ves-example": "Bloggin-app-namespace-1.",
2965
3092
  "x-f5xc-example": "bloggin-app-namespace-1",
3093
+ "x-f5xc-description-short": "Fetch the WAF security events scoped by namespace.",
2966
3094
  "minLength": 0,
2967
3095
  "maxLength": 6,
2968
3096
  "x-f5xc-required-for": {
@@ -2973,7 +3101,7 @@
2973
3101
  },
2974
3102
  "x-original-maxLength": 1024,
2975
3103
  "x-reconciled-from-discovery": true,
2976
- "x-reconciled-at": "2026-01-05T18:28:44.310571+00:00"
3104
+ "x-reconciled-at": "2026-01-07T15:27:53.793090+00:00"
2977
3105
  },
2978
3106
  "scroll_id": {
2979
3107
  "type": "string",
@@ -2982,6 +3110,7 @@
2982
3110
  "x-displayname": "Scroll ID",
2983
3111
  "x-ves-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==.",
2984
3112
  "x-f5xc-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==",
3113
+ "x-f5xc-description-short": "Long Base-64 encoded string which can be used to retrieve next batch of security events.",
2985
3114
  "minLength": 0,
2986
3115
  "maxLength": 1024,
2987
3116
  "x-f5xc-required-for": {
@@ -2993,6 +3122,8 @@
2993
3122
  "x-field-mutability": "read-only"
2994
3123
  }
2995
3124
  },
3125
+ "x-f5xc-description-short": "Scroll request is used to fetch large number of security events in multiple batches with each SecurityEventsResponse containing no more than 500...",
3126
+ "x-f5xc-description-medium": "Scroll request is used to fetch large number of security events in multiple batches with each SecurityEventsResponse containing no more than 500 messages. To scroll through more than 500 or all WAF security events, one can use the SecurityEventScrollRequest. Use the scroll_id returned in the...",
2996
3127
  "x-f5xc-minimum-configuration": {
2997
3128
  "description": "Minimum configuration for app_securitySecurityEventsScrollRequest",
2998
3129
  "required_fields": [
@@ -3018,6 +3149,8 @@
3018
3149
  "description": "Aggregations provide summary/analytics data over security incidents response. If the number of security incidents\nthat matched the query is large and cannot be returned in a single response message, user can GET helpful\ninsights/summary using aggregations. The aggregations are key'ed by user-defined aggregation name.\nThe response will be key'ed with the same name.\nOptional.",
3019
3150
  "title": "Aggregations.",
3020
3151
  "x-displayname": "Aggregations.",
3152
+ "x-f5xc-description-short": "Aggregations provide summary/analytics data over security incidents response.",
3153
+ "x-f5xc-description-medium": "Aggregations provide summary/analytics data over security incidents response. If the number of security incidents that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key'ed by...",
3021
3154
  "x-f5xc-required-for": {
3022
3155
  "minimum_config": false,
3023
3156
  "create": false,
@@ -3038,6 +3171,8 @@
3038
3171
  "x-validation-rules": {
3039
3172
  "ves.io.schema.rules.string.query_time": "true"
3040
3173
  },
3174
+ "x-f5xc-description-short": "Fetch security incidents whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be...",
3175
+ "x-f5xc-description-medium": "Fetch security incidents whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
3041
3176
  "minLength": 0,
3042
3177
  "maxLength": 1024,
3043
3178
  "x-f5xc-required-for": {
@@ -3054,6 +3189,7 @@
3054
3189
  "x-displayname": "Namespace",
3055
3190
  "x-ves-example": "Bloggin-app-namespace-1.",
3056
3191
  "x-f5xc-example": "bloggin-app-namespace-1",
3192
+ "x-f5xc-description-short": "Fetch security incidents for a given namespace.",
3057
3193
  "minLength": 0,
3058
3194
  "maxLength": 6,
3059
3195
  "x-f5xc-required-for": {
@@ -3064,7 +3200,7 @@
3064
3200
  },
3065
3201
  "x-original-maxLength": 1024,
3066
3202
  "x-reconciled-from-discovery": true,
3067
- "x-reconciled-at": "2026-01-05T18:28:44.310580+00:00"
3203
+ "x-reconciled-at": "2026-01-07T15:27:53.793099+00:00"
3068
3204
  },
3069
3205
  "query": {
3070
3206
  "type": "string",
@@ -3073,6 +3209,8 @@
3073
3209
  "x-displayname": "Query",
3074
3210
  "x-ves-example": "Query={app_type=\"blogging_app\"}",
3075
3211
  "x-f5xc-example": "\"query={app_type=\"blogging_app\"}\"",
3212
+ "x-f5xc-description-short": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> :=...",
3213
+ "x-f5xc-description-medium": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> := string One or more of these fields in the security event may be specified in the query. Vh_name - name of the virtual host src_site - source site city ...",
3076
3214
  "minLength": 0,
3077
3215
  "maxLength": 1024,
3078
3216
  "x-f5xc-required-for": {
@@ -3095,6 +3233,8 @@
3095
3233
  "x-validation-rules": {
3096
3234
  "ves.io.schema.rules.string.query_time": "true"
3097
3235
  },
3236
+ "x-f5xc-description-short": "Fetch security incidents whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be...",
3237
+ "x-f5xc-description-medium": "Fetch security incidents whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
3098
3238
  "minLength": 0,
3099
3239
  "maxLength": 1024,
3100
3240
  "x-f5xc-required-for": {
@@ -3105,6 +3245,7 @@
3105
3245
  }
3106
3246
  }
3107
3247
  },
3248
+ "x-f5xc-description-short": "Request to GET only aggregation data for security incidents.",
3108
3249
  "x-f5xc-minimum-configuration": {
3109
3250
  "description": "Minimum configuration for app_securitySecurityIncidentsAggregationRequest",
3110
3251
  "required_fields": [
@@ -3133,6 +3274,8 @@
3133
3274
  "description": "Aggregations provide summary/analytics data over the security incidents response. If the number of security incidents\nthat matched the query is large and cannot be returned in a single response message, user can GET helpful\ninsights/summary using aggregations. The aggregation data is key'ed with the aggregation name specified in the request.",
3134
3275
  "title": "Aggregations.",
3135
3276
  "x-displayname": "Aggregations.",
3277
+ "x-f5xc-description-short": "Aggregations provide summary/analytics data over the security incidents response.",
3278
+ "x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security incidents response. If the number of security incidents that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregation data is key'ed with...",
3136
3279
  "x-f5xc-required-for": {
3137
3280
  "minimum_config": false,
3138
3281
  "create": false,
@@ -3148,6 +3291,7 @@
3148
3291
  "x-displayname": "Total Hits.",
3149
3292
  "x-ves-example": "0",
3150
3293
  "x-f5xc-example": "0",
3294
+ "x-f5xc-description-short": "Total number of security incidents that matched the query.",
3151
3295
  "minLength": 0,
3152
3296
  "maxLength": 1024,
3153
3297
  "x-f5xc-required-for": {
@@ -3158,6 +3302,7 @@
3158
3302
  }
3159
3303
  }
3160
3304
  },
3305
+ "x-f5xc-description-short": "Response message for SecurityIncidentsAggregationRequest.",
3161
3306
  "x-f5xc-minimum-configuration": {
3162
3307
  "description": "Minimum configuration for app_securitySecurityIncidentsAggregationResponse",
3163
3308
  "required_fields": [
@@ -3183,6 +3328,8 @@
3183
3328
  "description": "Aggregations provide summary/analytics data over the security incidents response. If the number of security incidents\nthat matched the query is large and cannot be returned in a single response message, user can GET helpful\ninsights/summary using aggregations. The aggregations are key'ed by user-defined aggregation name. The response\nwill be key'ed with the same name.\nOptional.",
3184
3329
  "title": "Aggregations.",
3185
3330
  "x-displayname": "Aggregations.",
3331
+ "x-f5xc-description-short": "Aggregations provide summary/analytics data over the security incidents response.",
3332
+ "x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security incidents response. If the number of security incidents that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key'ed by...",
3186
3333
  "x-f5xc-required-for": {
3187
3334
  "minimum_config": false,
3188
3335
  "create": false,
@@ -3203,6 +3350,8 @@
3203
3350
  "x-validation-rules": {
3204
3351
  "ves.io.schema.rules.string.query_time": "true"
3205
3352
  },
3353
+ "x-f5xc-description-short": "Fetch security incidents whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be...",
3354
+ "x-f5xc-description-medium": "Fetch security incidents whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
3206
3355
  "minLength": 0,
3207
3356
  "maxLength": 1024,
3208
3357
  "x-f5xc-required-for": {
@@ -3220,6 +3369,8 @@
3220
3369
  "x-displayname": "Limit",
3221
3370
  "x-ves-example": "100",
3222
3371
  "x-f5xc-example": "100",
3372
+ "x-f5xc-description-short": "Limits the number of security incidents returned in the response Optional: If not specified, first or last 500 security events that matches the...",
3373
+ "x-f5xc-description-medium": "Limits the number of security incidents returned in the response Optional: If not specified, first or last 500 security events that matches the query (depending on the sort order) will be returned in the response. The maximum value for limit is 500.",
3223
3374
  "minimum": 0,
3224
3375
  "maximum": 2147483647,
3225
3376
  "x-f5xc-required-for": {
@@ -3236,6 +3387,7 @@
3236
3387
  "x-displayname": "Namespace",
3237
3388
  "x-ves-example": "Bloggin-app-namespace-1.",
3238
3389
  "x-f5xc-example": "bloggin-app-namespace-1",
3390
+ "x-f5xc-description-short": "Fetch security incidents for a given namespace.",
3239
3391
  "minLength": 0,
3240
3392
  "maxLength": 6,
3241
3393
  "x-f5xc-required-for": {
@@ -3246,7 +3398,7 @@
3246
3398
  },
3247
3399
  "x-original-maxLength": 1024,
3248
3400
  "x-reconciled-from-discovery": true,
3249
- "x-reconciled-at": "2026-01-05T18:28:44.310595+00:00"
3401
+ "x-reconciled-at": "2026-01-07T15:27:53.793114+00:00"
3250
3402
  },
3251
3403
  "query": {
3252
3404
  "type": "string",
@@ -3255,6 +3407,8 @@
3255
3407
  "x-displayname": "Query",
3256
3408
  "x-ves-example": "Query={app_type=\"blogging_app\"}",
3257
3409
  "x-f5xc-example": "\"query={app_type=\"blogging_app\"}\"",
3410
+ "x-f5xc-description-short": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> :=...",
3411
+ "x-f5xc-description-medium": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> := string One or more of these fields in the security incident may be specified in the query. Vh_name - name of the virtual host src_site - source site city ...",
3258
3412
  "minLength": 0,
3259
3413
  "maxLength": 1024,
3260
3414
  "x-f5xc-required-for": {
@@ -3272,6 +3426,8 @@
3272
3426
  "x-displayname": "Scroll",
3273
3427
  "x-ves-example": "True",
3274
3428
  "x-f5xc-example": "true",
3429
+ "x-f5xc-description-short": "Scroll is used to retrieve large number of security incidents (or all security incidents) that matches the query.",
3430
+ "x-f5xc-description-medium": "Scroll is used to retrieve large number of security incidents (or all security incidents) that matches the query. If scroll is set to true, the scroll_id in the response can be used in the scroll API to fetch the next batch of security events until there are no more security events left to...",
3275
3431
  "x-f5xc-required-for": {
3276
3432
  "minimum_config": false,
3277
3433
  "create": false,
@@ -3287,6 +3443,8 @@
3287
3443
  "description": "Optional: default is sort by last_event_time.",
3288
3444
  "title": "Sort by",
3289
3445
  "x-displayname": "Sort By",
3446
+ "x-f5xc-example": "{\"key\": \"value\"}",
3447
+ "x-f5xc-description-short": "Optional: default is sort by last_event_time.",
3290
3448
  "minLength": 0,
3291
3449
  "maxLength": 1024,
3292
3450
  "x-f5xc-required-for": {
@@ -3309,6 +3467,8 @@
3309
3467
  "x-validation-rules": {
3310
3468
  "ves.io.schema.rules.string.query_time": "true"
3311
3469
  },
3470
+ "x-f5xc-description-short": "Fetch security incidents whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be...",
3471
+ "x-f5xc-description-medium": "Fetch security incidents whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
3312
3472
  "minLength": 0,
3313
3473
  "maxLength": 1024,
3314
3474
  "x-f5xc-required-for": {
@@ -3351,6 +3511,8 @@
3351
3511
  "description": "Aggregations provide summary/analytics data over the security incidents response. If the number of security incidents\nthat matched the query is large and cannot be returned in a single response message, user can GET helpful\ninsights/summary using aggregations.",
3352
3512
  "title": "Aggregations.",
3353
3513
  "x-displayname": "Aggregations.",
3514
+ "x-f5xc-description-short": "Aggregations provide summary/analytics data over the security incidents response.",
3515
+ "x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security incidents response. If the number of security incidents that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.",
3354
3516
  "x-f5xc-required-for": {
3355
3517
  "minimum_config": false,
3356
3518
  "create": false,
@@ -3368,6 +3530,7 @@
3368
3530
  "x-displayname": "Incidents",
3369
3531
  "x-ves-example": "Value",
3370
3532
  "x-f5xc-example": "value",
3533
+ "x-f5xc-description-short": "List of security incidents that matched the query. Contains no more than 500 messages.",
3371
3534
  "x-f5xc-required-for": {
3372
3535
  "minimum_config": false,
3373
3536
  "create": false,
@@ -3382,6 +3545,8 @@
3382
3545
  "x-displayname": "Scroll ID",
3383
3546
  "x-ves-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==.",
3384
3547
  "x-f5xc-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==",
3548
+ "x-f5xc-description-short": "Long Base-64 encoded string which can be used to retrieve the next batch of security incidents using the scroll request.",
3549
+ "x-f5xc-description-medium": "Long Base-64 encoded string which can be used to retrieve the next batch of security incidents using the scroll request. Empty scroll_id indicates no more messages to scroll (EOF).",
3385
3550
  "minLength": 0,
3386
3551
  "maxLength": 1024,
3387
3552
  "x-f5xc-required-for": {
@@ -3400,6 +3565,7 @@
3400
3565
  "x-displayname": "Total Hits.",
3401
3566
  "x-ves-example": "0",
3402
3567
  "x-f5xc-example": "0",
3568
+ "x-f5xc-description-short": "Total number of security events that matched the query.",
3403
3569
  "minLength": 0,
3404
3570
  "maxLength": 1024,
3405
3571
  "x-f5xc-required-for": {
@@ -3410,6 +3576,7 @@
3410
3576
  }
3411
3577
  }
3412
3578
  },
3579
+ "x-f5xc-description-short": "Response message for SecurityIncidentsRequest/SecurityIncidentsScrollRequest.",
3413
3580
  "x-f5xc-minimum-configuration": {
3414
3581
  "description": "Minimum configuration for app_securitySecurityIncidentsResponse",
3415
3582
  "required_fields": [
@@ -3439,6 +3606,7 @@
3439
3606
  "x-displayname": "Namespace",
3440
3607
  "x-ves-example": "Bloggin-app-namespace-1.",
3441
3608
  "x-f5xc-example": "bloggin-app-namespace-1",
3609
+ "x-f5xc-description-short": "Fetch security incidents for a given namespace.",
3442
3610
  "minLength": 0,
3443
3611
  "maxLength": 6,
3444
3612
  "x-f5xc-required-for": {
@@ -3449,7 +3617,7 @@
3449
3617
  },
3450
3618
  "x-original-maxLength": 1024,
3451
3619
  "x-reconciled-from-discovery": true,
3452
- "x-reconciled-at": "2026-01-05T18:28:44.310613+00:00"
3620
+ "x-reconciled-at": "2026-01-07T15:27:53.793132+00:00"
3453
3621
  },
3454
3622
  "scroll_id": {
3455
3623
  "type": "string",
@@ -3458,6 +3626,7 @@
3458
3626
  "x-displayname": "Scroll ID",
3459
3627
  "x-ves-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==.",
3460
3628
  "x-f5xc-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==",
3629
+ "x-f5xc-description-short": "Long Base-64 encoded string which can be used to retrieve next batch of security events.",
3461
3630
  "minLength": 0,
3462
3631
  "maxLength": 1024,
3463
3632
  "x-f5xc-required-for": {
@@ -3469,6 +3638,8 @@
3469
3638
  "x-field-mutability": "read-only"
3470
3639
  }
3471
3640
  },
3641
+ "x-f5xc-description-short": "Scroll request is used to fetch large number of security incidents in multiple batches with each SecurityIncidentsResponse containing no more than...",
3642
+ "x-f5xc-description-medium": "Scroll request is used to fetch large number of security incidents in multiple batches with each SecurityIncidentsResponse containing no more than 500 messages. To scroll through more than 500 or all security incidents, one can use the SecurityIncidentsScrollRequest. Use the scroll_id returned...",
3472
3643
  "x-f5xc-minimum-configuration": {
3473
3644
  "description": "Minimum configuration for app_securitySecurityIncidentsScrollRequest",
3474
3645
  "required_fields": [
@@ -3494,6 +3665,8 @@
3494
3665
  "description": "Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.\nThe aggregations are key'ed by user-defined aggregation name. The response will be key'ed with the same name.\nOptional.",
3495
3666
  "title": "Aggregations.",
3496
3667
  "x-displayname": "Aggregations.",
3668
+ "x-f5xc-description-short": "Aggregations provide summary/analytics data over the suspicious user logs response.",
3669
+ "x-f5xc-description-medium": "Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key'ed by user-defined...",
3497
3670
  "x-f5xc-required-for": {
3498
3671
  "minimum_config": false,
3499
3672
  "create": false,
@@ -3514,6 +3687,8 @@
3514
3687
  "x-validation-rules": {
3515
3688
  "ves.io.schema.rules.string.query_time": "true"
3516
3689
  },
3690
+ "x-f5xc-description-short": "Fetch suspicious user logs whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be...",
3691
+ "x-f5xc-description-medium": "Fetch suspicious user logs whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
3517
3692
  "minLength": 0,
3518
3693
  "maxLength": 1024,
3519
3694
  "x-f5xc-required-for": {
@@ -3530,6 +3705,7 @@
3530
3705
  "x-displayname": "Namespace",
3531
3706
  "x-ves-example": "Bloggin-app-namespace-1.",
3532
3707
  "x-f5xc-example": "bloggin-app-namespace-1",
3708
+ "x-f5xc-description-short": "Fetch suspicious user logs for a given namespace.",
3533
3709
  "minLength": 0,
3534
3710
  "maxLength": 6,
3535
3711
  "x-f5xc-required-for": {
@@ -3540,7 +3716,7 @@
3540
3716
  },
3541
3717
  "x-original-maxLength": 1024,
3542
3718
  "x-reconciled-from-discovery": true,
3543
- "x-reconciled-at": "2026-01-05T18:28:44.310622+00:00"
3719
+ "x-reconciled-at": "2026-01-07T15:27:53.793140+00:00"
3544
3720
  },
3545
3721
  "query": {
3546
3722
  "type": "string",
@@ -3549,6 +3725,8 @@
3549
3725
  "x-displayname": "Query",
3550
3726
  "x-ves-example": "Query={vh_name=\"vh-1\", site=\"CE-01\"}",
3551
3727
  "x-f5xc-example": "\"query={vh_name=\"vh-1\", site=\"ce-01\"}\"",
3728
+ "x-f5xc-description-short": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> :=...",
3729
+ "x-f5xc-description-medium": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> := string One or more of these fields in the suspicious user logs may be specified in the query. Vh_name - name of the virtual host user - user ID site ...",
3552
3730
  "minLength": 0,
3553
3731
  "maxLength": 1024,
3554
3732
  "x-f5xc-required-for": {
@@ -3571,6 +3749,8 @@
3571
3749
  "x-validation-rules": {
3572
3750
  "ves.io.schema.rules.string.query_time": "true"
3573
3751
  },
3752
+ "x-f5xc-description-short": "Fetch suspicious user logs whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be...",
3753
+ "x-f5xc-description-medium": "Fetch suspicious user logs whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
3574
3754
  "minLength": 0,
3575
3755
  "maxLength": 1024,
3576
3756
  "x-f5xc-required-for": {
@@ -3581,6 +3761,7 @@
3581
3761
  }
3582
3762
  }
3583
3763
  },
3764
+ "x-f5xc-description-short": "Request to GET only aggregation data for suspicious user logs.",
3584
3765
  "x-f5xc-minimum-configuration": {
3585
3766
  "description": "Minimum configuration for app_securitySuspiciousUserLogsAggregationRequest",
3586
3767
  "required_fields": [
@@ -3609,6 +3790,8 @@
3609
3790
  "description": "Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.\nThe aggregation data is key'ed with the aggregation name specified in the request.",
3610
3791
  "title": "Aggregations.",
3611
3792
  "x-displayname": "Aggregations.",
3793
+ "x-f5xc-description-short": "Aggregations provide summary/analytics data over the suspicious user logs response.",
3794
+ "x-f5xc-description-medium": "Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregation data is key'ed with the...",
3612
3795
  "x-f5xc-required-for": {
3613
3796
  "minimum_config": false,
3614
3797
  "create": false,
@@ -3624,6 +3807,7 @@
3624
3807
  "x-displayname": "Total Hits.",
3625
3808
  "x-ves-example": "1400",
3626
3809
  "x-f5xc-example": "1400",
3810
+ "x-f5xc-description-short": "Total number of suspicious user logs that matched the query.",
3627
3811
  "minLength": 0,
3628
3812
  "maxLength": 1024,
3629
3813
  "x-f5xc-required-for": {
@@ -3634,6 +3818,7 @@
3634
3818
  }
3635
3819
  }
3636
3820
  },
3821
+ "x-f5xc-description-short": "Response message for SuspiciousUserLogsAggregationRequest.",
3637
3822
  "x-f5xc-minimum-configuration": {
3638
3823
  "description": "Minimum configuration for app_securitySuspiciousUserLogsAggregationResponse",
3639
3824
  "required_fields": [
@@ -3659,6 +3844,8 @@
3659
3844
  "description": "Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.\nThe aggregations are key'ed by user-defined aggregation name. The response will be key'ed with the same name.\nOptional.",
3660
3845
  "title": "Aggregations.",
3661
3846
  "x-displayname": "Aggregations.",
3847
+ "x-f5xc-description-short": "Aggregations provide summary/analytics data over the suspicious user logs response.",
3848
+ "x-f5xc-description-medium": "Aggregations provide summary/analytics data over the suspicious user logs response. If the number of logs that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key'ed by user-defined...",
3662
3849
  "x-f5xc-required-for": {
3663
3850
  "minimum_config": false,
3664
3851
  "create": false,
@@ -3679,6 +3866,8 @@
3679
3866
  "x-validation-rules": {
3680
3867
  "ves.io.schema.rules.string.query_time": "true"
3681
3868
  },
3869
+ "x-f5xc-description-short": "Fetch suspicious user logs whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be...",
3870
+ "x-f5xc-description-medium": "Fetch suspicious user logs whose timestamp <= end_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to <current time>.",
3682
3871
  "minLength": 0,
3683
3872
  "maxLength": 1024,
3684
3873
  "x-f5xc-required-for": {
@@ -3696,6 +3885,8 @@
3696
3885
  "x-displayname": "Limit",
3697
3886
  "x-ves-example": "100",
3698
3887
  "x-f5xc-example": "100",
3888
+ "x-f5xc-description-short": "Limits the number of logs returned in the response Optional: If not specified, first or last 500 logs that matches the query (depending on the...",
3889
+ "x-f5xc-description-medium": "Limits the number of logs returned in the response Optional: If not specified, first or last 500 logs that matches the query (depending on the sort order) will be returned in the response. The maximum value for limit is 500.",
3699
3890
  "minimum": 0,
3700
3891
  "maximum": 2147483647,
3701
3892
  "x-f5xc-required-for": {
@@ -3712,6 +3903,7 @@
3712
3903
  "x-displayname": "Namespace",
3713
3904
  "x-ves-example": "Bloggin-app-namespace-1.",
3714
3905
  "x-f5xc-example": "bloggin-app-namespace-1",
3906
+ "x-f5xc-description-short": "Fetch suspicious user logs for a given namespace.",
3715
3907
  "minLength": 0,
3716
3908
  "maxLength": 6,
3717
3909
  "x-f5xc-required-for": {
@@ -3722,7 +3914,7 @@
3722
3914
  },
3723
3915
  "x-original-maxLength": 1024,
3724
3916
  "x-reconciled-from-discovery": true,
3725
- "x-reconciled-at": "2026-01-05T18:28:44.310638+00:00"
3917
+ "x-reconciled-at": "2026-01-07T15:27:53.793156+00:00"
3726
3918
  },
3727
3919
  "query": {
3728
3920
  "type": "string",
@@ -3731,6 +3923,8 @@
3731
3923
  "x-displayname": "Query",
3732
3924
  "x-ves-example": "Query={vh_name=\"vh-1\", site=\"CE-01\"}",
3733
3925
  "x-f5xc-example": "\"query={vh_name=\"vh-1\", site=\"ce-01\"}\"",
3926
+ "x-f5xc-description-short": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> :=...",
3927
+ "x-f5xc-description-medium": "Query is used to specify the list of matchers syntax for query := {[<matcher>]} <matcher> := <field_name><operator>\"<value>\" <field_name> := string One or more of these fields in the suspicious user logs may be specified in the query. Vh_name - name of the virtual host user - user ID site ...",
3734
3928
  "minLength": 0,
3735
3929
  "maxLength": 1024,
3736
3930
  "x-f5xc-required-for": {
@@ -3748,6 +3942,8 @@
3748
3942
  "x-displayname": "Scroll",
3749
3943
  "x-ves-example": "True",
3750
3944
  "x-f5xc-example": "true",
3945
+ "x-f5xc-description-short": "Scroll is used to retrieve large number of logs (or all logs) that matches the query.",
3946
+ "x-f5xc-description-medium": "Scroll is used to retrieve large number of logs (or all logs) that matches the query. If scroll is set to true, the scroll_id in the response can be used in the scroll API to fetch the next batch of logs until there are no logs left to return. The number of logs in each batch is determined by...",
3751
3947
  "x-f5xc-required-for": {
3752
3948
  "minimum_config": false,
3753
3949
  "create": false,
@@ -3763,6 +3959,8 @@
3763
3959
  "description": "Optional: default is sort by last_event_time.",
3764
3960
  "title": "Sort by",
3765
3961
  "x-displayname": "Sort By",
3962
+ "x-f5xc-example": "{\"key\": \"value\"}",
3963
+ "x-f5xc-description-short": "Optional: default is sort by last_event_time.",
3766
3964
  "minLength": 0,
3767
3965
  "maxLength": 1024,
3768
3966
  "x-f5xc-required-for": {
@@ -3785,6 +3983,8 @@
3785
3983
  "x-validation-rules": {
3786
3984
  "ves.io.schema.rules.string.query_time": "true"
3787
3985
  },
3986
+ "x-f5xc-description-short": "Fetch suspicious user logs whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be...",
3987
+ "x-f5xc-description-medium": "Fetch suspicious user logs whose timestamp >= start_time format: unix_timestamp|RFC 3339 Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to <current time>-10m.",
3788
3988
  "minLength": 0,
3789
3989
  "maxLength": 1024,
3790
3990
  "x-f5xc-required-for": {
@@ -3827,6 +4027,8 @@
3827
4027
  "description": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query\nis large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.",
3828
4028
  "title": "Aggregations.",
3829
4029
  "x-displayname": "Aggregations.",
4030
+ "x-f5xc-description-short": "Aggregations provide summary/analytics data over the security events response.",
4031
+ "x-f5xc-description-medium": "Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.",
3830
4032
  "x-f5xc-required-for": {
3831
4033
  "minimum_config": false,
3832
4034
  "create": false,
@@ -3844,6 +4046,7 @@
3844
4046
  "x-displayname": "Events",
3845
4047
  "x-ves-example": "Value",
3846
4048
  "x-f5xc-example": "value",
4049
+ "x-f5xc-description-short": "List of log messages that matched the query. Contains no more than 500 messages.",
3847
4050
  "x-f5xc-required-for": {
3848
4051
  "minimum_config": false,
3849
4052
  "create": false,
@@ -3858,6 +4061,8 @@
3858
4061
  "x-displayname": "Scroll ID",
3859
4062
  "x-ves-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==.",
3860
4063
  "x-f5xc-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==",
4064
+ "x-f5xc-description-short": "Long Base-64 encoded string which can be used to retrieve the next batch of suspicous user logs using the scroll request.",
4065
+ "x-f5xc-description-medium": "Long Base-64 encoded string which can be used to retrieve the next batch of suspicous user logs using the scroll request. Empty scroll_id indicates no more messages to scroll (EOF).",
3861
4066
  "minLength": 0,
3862
4067
  "maxLength": 1024,
3863
4068
  "x-f5xc-required-for": {
@@ -3876,6 +4081,7 @@
3876
4081
  "x-displayname": "Total Hits.",
3877
4082
  "x-ves-example": "100",
3878
4083
  "x-f5xc-example": "100",
4084
+ "x-f5xc-description-short": "Total number of logs that matched the query.",
3879
4085
  "minLength": 0,
3880
4086
  "maxLength": 1024,
3881
4087
  "x-f5xc-required-for": {
@@ -3886,6 +4092,7 @@
3886
4092
  }
3887
4093
  }
3888
4094
  },
4095
+ "x-f5xc-description-short": "Response message for Suspicious User Logs Request.",
3889
4096
  "x-f5xc-minimum-configuration": {
3890
4097
  "description": "Minimum configuration for app_securitySuspiciousUserLogsResponse",
3891
4098
  "required_fields": [
@@ -3915,6 +4122,7 @@
3915
4122
  "x-displayname": "Namespace",
3916
4123
  "x-ves-example": "Bloggin-app-namespace-1.",
3917
4124
  "x-f5xc-example": "bloggin-app-namespace-1",
4125
+ "x-f5xc-description-short": "Fetch the next batch of suspicious user logs scoped by namespace.",
3918
4126
  "minLength": 0,
3919
4127
  "maxLength": 6,
3920
4128
  "x-f5xc-required-for": {
@@ -3925,7 +4133,7 @@
3925
4133
  },
3926
4134
  "x-original-maxLength": 1024,
3927
4135
  "x-reconciled-from-discovery": true,
3928
- "x-reconciled-at": "2026-01-05T18:28:44.310655+00:00"
4136
+ "x-reconciled-at": "2026-01-07T15:27:53.793173+00:00"
3929
4137
  },
3930
4138
  "scroll_id": {
3931
4139
  "type": "string",
@@ -3934,6 +4142,7 @@
3934
4142
  "x-displayname": "Scroll ID",
3935
4143
  "x-ves-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==.",
3936
4144
  "x-f5xc-example": "DXF1ZXJ5QW5kRmV0Y2gBAAAAAAAAAD4WYm9laVYtZndUQlNsdDcwakFMNjU1QQ==",
4145
+ "x-f5xc-description-short": "Long Base-64 encoded string which can be used to retrieve next batch of security events.",
3937
4146
  "minLength": 0,
3938
4147
  "maxLength": 1024,
3939
4148
  "x-f5xc-required-for": {
@@ -3945,6 +4154,8 @@
3945
4154
  "x-field-mutability": "read-only"
3946
4155
  }
3947
4156
  },
4157
+ "x-f5xc-description-short": "Scroll request is used to fetch large number of suspicious user logs in multiple batches with each SuspiciousUserLogsResponse containing no more...",
4158
+ "x-f5xc-description-medium": "Scroll request is used to fetch large number of suspicious user logs in multiple batches with each SuspiciousUserLogsResponse containing no more than 500 messages. To scroll through more than 500 or all messages, one can use the SuspiciousUserLogsScrollRequest. Use the scroll_id returned in the...",
3948
4159
  "x-f5xc-minimum-configuration": {
3949
4160
  "description": "Minimum configuration for app_securitySuspiciousUserLogsScrollRequest",
3950
4161
  "required_fields": [
@@ -3998,7 +4209,7 @@
3998
4209
  },
3999
4210
  "x-original-maxLength": 1024,
4000
4211
  "x-reconciled-from-discovery": true,
4001
- "x-reconciled-at": "2026-01-05T18:28:44.310662+00:00"
4212
+ "x-reconciled-at": "2026-01-07T15:27:53.793181+00:00"
4002
4213
  },
4003
4214
  "id": {
4004
4215
  "type": "string",
@@ -4055,6 +4266,7 @@
4055
4266
  "x-validation-rules": {
4056
4267
  "ves.io.schema.rules.message.required": "true"
4057
4268
  },
4269
+ "x-f5xc-description-short": "The Threat Campaign last update time Required: YES.",
4058
4270
  "minLength": 0,
4059
4271
  "maxLength": 1024,
4060
4272
  "x-f5xc-required-for": {
@@ -4081,6 +4293,7 @@
4081
4293
  "x-validation-rules": {
4082
4294
  "ves.io.schema.rules.message.required": "true"
4083
4295
  },
4296
+ "x-f5xc-description-short": "The Threat Campaign Malwares Required: YES.",
4084
4297
  "x-f5xc-required-for": {
4085
4298
  "minimum_config": false,
4086
4299
  "create": false,
@@ -4112,7 +4325,7 @@
4112
4325
  },
4113
4326
  "x-original-maxLength": 1024,
4114
4327
  "x-reconciled-from-discovery": true,
4115
- "x-reconciled-at": "2026-01-05T18:28:44.310673+00:00"
4328
+ "x-reconciled-at": "2026-01-07T15:27:53.793192+00:00"
4116
4329
  },
4117
4330
  "references": {
4118
4331
  "type": "array",
@@ -4171,6 +4384,7 @@
4171
4384
  "x-validation-rules": {
4172
4385
  "ves.io.schema.rules.message.required": "true"
4173
4386
  },
4387
+ "x-f5xc-description-short": "The Threat Campaign Systems Required: YES.",
4174
4388
  "x-f5xc-required-for": {
4175
4389
  "minimum_config": false,
4176
4390
  "create": false,
@@ -4179,6 +4393,7 @@
4179
4393
  }
4180
4394
  }
4181
4395
  },
4396
+ "x-f5xc-description-short": "Threat Campaign object representing the created threat campaign.",
4182
4397
  "x-f5xc-minimum-configuration": {
4183
4398
  "description": "Minimum configuration for app_securityThreatCampaign",
4184
4399
  "required_fields": [
@@ -4221,6 +4436,8 @@
4221
4436
  "$ref": "#/components/schemas/app_securityincidentsMultiFieldAggregation"
4222
4437
  }
4223
4438
  },
4439
+ "x-f5xc-description-short": "X-displayName: \"Aggregation Request\" Aggregation request to provide analytics data over the log response.",
4440
+ "x-f5xc-description-medium": "X-displayName: \"Aggregation Request\" Aggregation request to provide analytics data over the log response.",
4224
4441
  "x-f5xc-minimum-configuration": {
4225
4442
  "description": "Minimum configuration for app_securityincidentsAggregationRequest",
4226
4443
  "required_fields": [
@@ -4246,6 +4463,8 @@
4246
4463
  "$ref": "#/components/schemas/app_securityincidentsKeyField"
4247
4464
  }
4248
4465
  },
4466
+ "x-f5xc-description-short": "X-displayName: \"Cardinality Aggregation\" GET approximate count of distinct values for the field in the incident.",
4467
+ "x-f5xc-description-medium": "X-displayName: \"Cardinality Aggregation\" GET approximate count of distinct values for the field in the incident.",
4249
4468
  "x-f5xc-minimum-configuration": {
4250
4469
  "description": "Minimum configuration for app_securityincidentsCardinalityAggregation",
4251
4470
  "required_fields": [
@@ -4268,6 +4487,8 @@
4268
4487
  "description": "X-displayName: \"Step\"\nx-required\nstep is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response.\nThe timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.\nFormat: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days.",
4269
4488
  "title": "Step",
4270
4489
  "x-f5xc-example": "5m",
4490
+ "x-f5xc-description-short": "X-displayName: \"Step\" x-required step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in...",
4491
+ "x-f5xc-description-medium": "X-displayName: \"Step\" x-required step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response. The timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.",
4271
4492
  "minLength": 0,
4272
4493
  "maxLength": 1024,
4273
4494
  "x-f5xc-required-for": {
@@ -4281,6 +4502,7 @@
4281
4502
  "type": "object",
4282
4503
  "description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each date bucket.",
4283
4504
  "title": "Sub aggregation.",
4505
+ "x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each date bucket.",
4284
4506
  "x-f5xc-required-for": {
4285
4507
  "minimum_config": false,
4286
4508
  "create": false,
@@ -4289,6 +4511,7 @@
4289
4511
  }
4290
4512
  }
4291
4513
  },
4514
+ "x-f5xc-description-short": "X-displayName: \"Date Aggregation\" Aggregate incidents based on timestamp in the log.",
4292
4515
  "x-f5xc-minimum-configuration": {
4293
4516
  "description": "Minimum configuration for app_securityincidentsDateAggregation",
4294
4517
  "required_fields": [
@@ -4314,6 +4537,8 @@
4314
4537
  "$ref": "#/components/schemas/app_securityincidentsMultiFieldAggregation"
4315
4538
  }
4316
4539
  },
4540
+ "x-f5xc-description-short": "X-displayName: \"Date SubAggregation\" Aggregate security events based on one of the sub aggregation types.",
4541
+ "x-f5xc-description-medium": "X-displayName: \"Date SubAggregation\" Aggregate security events based on one of the sub aggregation types.",
4317
4542
  "x-f5xc-minimum-configuration": {
4318
4543
  "description": "Minimum configuration for app_securityincidentsDateSubAggregation",
4319
4544
  "required_fields": [
@@ -4342,6 +4567,8 @@
4342
4567
  "type": "object",
4343
4568
  "description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each field aggregation bucket.",
4344
4569
  "title": "Sub aggregation.",
4570
+ "x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
4571
+ "x-f5xc-description-medium": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
4345
4572
  "x-f5xc-required-for": {
4346
4573
  "minimum_config": false,
4347
4574
  "create": false,
@@ -4355,6 +4582,7 @@
4355
4582
  "title": "Topk",
4356
4583
  "format": "int64",
4357
4584
  "x-f5xc-example": "10",
4585
+ "x-f5xc-description-short": "X-displayName: \"TopK\" Number of top field values to be returned in the response.",
4358
4586
  "minimum": 0,
4359
4587
  "maximum": 2147483647,
4360
4588
  "x-f5xc-required-for": {
@@ -4365,6 +4593,8 @@
4365
4593
  }
4366
4594
  }
4367
4595
  },
4596
+ "x-f5xc-description-short": "X-displayName: \"Field Aggregation\" Aggregate incidents based on the key fields in the security event.",
4597
+ "x-f5xc-description-medium": "X-displayName: \"Field Aggregation\" Aggregate incidents based on the key fields in the security event.",
4368
4598
  "x-f5xc-minimum-configuration": {
4369
4599
  "description": "Minimum configuration for app_securityincidentsFieldAggregation",
4370
4600
  "required_fields": [
@@ -4389,6 +4619,8 @@
4389
4619
  "$ref": "#/components/schemas/app_securityincidentsCardinalityAggregation"
4390
4620
  }
4391
4621
  },
4622
+ "x-f5xc-description-short": "X-displayName: \"Field SubAggregation\" Aggregate security events in each field bucket based on one of the sub aggregation types.",
4623
+ "x-f5xc-description-medium": "X-displayName: \"Field SubAggregation\" Aggregate security events in each field bucket based on one of the sub aggregation types.",
4392
4624
  "x-f5xc-minimum-configuration": {
4393
4625
  "description": "Minimum configuration for app_securityincidentsFieldSubAggregation",
4394
4626
  "required_fields": [
@@ -4419,6 +4651,8 @@
4419
4651
  "INCIDENT_ID"
4420
4652
  ],
4421
4653
  "default": "CITY",
4654
+ "x-f5xc-description-short": "X-displayName: \"Key Field\" Security events can be aggregated based on these fields. - CITY: x-displayName: \"City\" - COUNTRY: x-displayName...",
4655
+ "x-f5xc-description-medium": "X-displayName: \"Key Field\" Security events can be aggregated based on these fields. - CITY: x-displayName: \"City\" - COUNTRY: x-displayName: \"Country\" - ASN: x-displayName: \"ASN\" - INCIDENT_TYPE: x-displayName: \"Incident Type\" - INTENT: x-displayName: \"Intent\" - VH_NAME: x-displayName: \"Virtual...",
4422
4656
  "x-f5xc-minimum-configuration": {
4423
4657
  "description": "Minimum configuration for app_securityincidentsKeyField",
4424
4658
  "required_fields": [],
@@ -4437,6 +4671,8 @@
4437
4671
  "EVENTS"
4438
4672
  ],
4439
4673
  "default": "EVENTS",
4674
+ "x-f5xc-description-short": "X-displayName: \"Metric Field\" Metrics can be computed based on these fields. - EVENTS: x-displayName: \"Events\".",
4675
+ "x-f5xc-description-medium": "X-displayName: \"Metric Field\" Metrics can be computed based on these fields. - EVENTS: x-displayName: \"Events\".",
4440
4676
  "x-f5xc-minimum-configuration": {
4441
4677
  "description": "Minimum configuration for app_securityincidentsMetricField",
4442
4678
  "required_fields": [],
@@ -4456,6 +4692,8 @@
4456
4692
  "$ref": "#/components/schemas/app_securityincidentsPercentileAggregation"
4457
4693
  }
4458
4694
  },
4695
+ "x-f5xc-description-short": "X-displayName: \"Metrics Aggregation\" Computes metrics based on values for the field in the incident.",
4696
+ "x-f5xc-description-medium": "X-displayName: \"Metrics Aggregation\" Computes metrics based on values for the field in the incident.",
4459
4697
  "x-f5xc-minimum-configuration": {
4460
4698
  "description": "Minimum configuration for app_securityincidentsMetricsAggregation",
4461
4699
  "required_fields": [
@@ -4483,6 +4721,8 @@
4483
4721
  "type": "object",
4484
4722
  "description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each field aggregation bucket.",
4485
4723
  "title": "Sub aggregation.",
4724
+ "x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
4725
+ "x-f5xc-description-medium": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
4486
4726
  "x-f5xc-required-for": {
4487
4727
  "minimum_config": false,
4488
4728
  "create": false,
@@ -4496,6 +4736,7 @@
4496
4736
  "title": "Topk",
4497
4737
  "format": "int64",
4498
4738
  "x-f5xc-example": "10",
4739
+ "x-f5xc-description-short": "X-displayName: \"TopK\" Number of top field values to be returned in the response.",
4499
4740
  "minimum": 0,
4500
4741
  "maximum": 2147483647,
4501
4742
  "x-f5xc-required-for": {
@@ -4506,6 +4747,8 @@
4506
4747
  }
4507
4748
  }
4508
4749
  },
4750
+ "x-f5xc-description-short": "X-displayName: \"Multi-Field Aggregation\" Aggregate incidents based on the multiple fields in the incident.",
4751
+ "x-f5xc-description-medium": "X-displayName: \"Multi-Field Aggregation\" Aggregate incidents based on the multiple fields in the incident.",
4509
4752
  "x-f5xc-minimum-configuration": {
4510
4753
  "description": "Minimum configuration for app_securityincidentsMultiFieldAggregation",
4511
4754
  "required_fields": [
@@ -4530,6 +4773,8 @@
4530
4773
  "$ref": "#/components/schemas/app_securityincidentsCardinalityAggregation"
4531
4774
  }
4532
4775
  },
4776
+ "x-f5xc-description-short": "X-displayName: \"Multi Field SubAggregation\" Aggregate security events in each MultiTerms bucket based on one of the sub aggregation types.",
4777
+ "x-f5xc-description-medium": "X-displayName: \"Multi Field SubAggregation\" Aggregate security events in each MultiTerms bucket based on one of the sub aggregation types.",
4533
4778
  "x-f5xc-minimum-configuration": {
4534
4779
  "description": "Minimum configuration for app_securityincidentsMultiFieldSubAggregation",
4535
4780
  "required_fields": [
@@ -4550,6 +4795,8 @@
4550
4795
  "SRC_IP_TLS_FINGERPRINT"
4551
4796
  ],
4552
4797
  "default": "SRC_IP_TLS_FINGERPRINT",
4798
+ "x-f5xc-description-short": "X-displayName: \"Multi-Key Field\" Security events can be aggregated based on these multiple key fields - SRC_IP_TLS_FINGERPRINT: x-displayName...",
4799
+ "x-f5xc-description-medium": "X-displayName: \"Multi-Key Field\" Security events can be aggregated based on these multiple key fields - SRC_IP_TLS_FINGERPRINT: x-displayName: \"Source IP, JA3 TLS Fingerprint\" Aggregated by (keyfield.src_IP, keyfield.tls_FINGERPRINT).",
4553
4800
  "x-f5xc-minimum-configuration": {
4554
4801
  "description": "Minimum configuration for app_securityincidentsMultiKeyField",
4555
4802
  "required_fields": [],
@@ -4574,6 +4821,7 @@
4574
4821
  "title": "Percent",
4575
4822
  "format": "double",
4576
4823
  "x-f5xc-example": "[99.0]",
4824
+ "x-f5xc-description-short": "X-displayName: \"Percent\" x-required Percentile for which value is calculated.",
4577
4825
  "x-f5xc-required-for": {
4578
4826
  "minimum_config": false,
4579
4827
  "create": false,
@@ -4582,6 +4830,7 @@
4582
4830
  }
4583
4831
  }
4584
4832
  },
4833
+ "x-f5xc-description-short": "X-displayName: \"Percentile Aggregation\" Calculates percentile over numeric values for a field.",
4585
4834
  "x-f5xc-minimum-configuration": {
4586
4835
  "description": "Minimum configuration for app_securityincidentsPercentileAggregation",
4587
4836
  "required_fields": [
@@ -4622,6 +4871,8 @@
4622
4871
  "$ref": "#/components/schemas/suspicious_user_logMinAggregation"
4623
4872
  }
4624
4873
  },
4874
+ "x-f5xc-description-short": "X-displayName: \"Aggregation Request\" Aggregation request to provide analytics data over the log response.",
4875
+ "x-f5xc-description-medium": "X-displayName: \"Aggregation Request\" Aggregation request to provide analytics data over the log response.",
4625
4876
  "x-f5xc-minimum-configuration": {
4626
4877
  "description": "Minimum configuration for app_securitysuspicious_user_logAggregationRequest",
4627
4878
  "required_fields": [
@@ -4649,6 +4900,8 @@
4649
4900
  "$ref": "#/components/schemas/app_securitysuspicious_user_logKeyField"
4650
4901
  }
4651
4902
  },
4903
+ "x-f5xc-description-short": "X-displayName: \"Cardinality Aggregation\" GET approximate count of distinct values for the field in the suspicious user log.",
4904
+ "x-f5xc-description-medium": "X-displayName: \"Cardinality Aggregation\" GET approximate count of distinct values for the field in the suspicious user log.",
4652
4905
  "x-f5xc-minimum-configuration": {
4653
4906
  "description": "Minimum configuration for app_securitysuspicious_user_logCardinalityAggregation",
4654
4907
  "required_fields": [
@@ -4671,6 +4924,8 @@
4671
4924
  "description": "X-displayName: \"Step\"\nx-required\nstep is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response.\nThe timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.\nFormat: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days.",
4672
4925
  "title": "Step",
4673
4926
  "x-f5xc-example": "5m",
4927
+ "x-f5xc-description-short": "X-displayName: \"Step\" x-required step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in...",
4928
+ "x-f5xc-description-medium": "X-displayName: \"Step\" x-required step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response. The timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.",
4674
4929
  "minLength": 0,
4675
4930
  "maxLength": 1024,
4676
4931
  "x-f5xc-required-for": {
@@ -4681,6 +4936,7 @@
4681
4936
  }
4682
4937
  }
4683
4938
  },
4939
+ "x-f5xc-description-short": "X-displayName: \"Date Aggregation\" Aggregate suspicious user logs based on timestamp in the log.",
4684
4940
  "x-f5xc-minimum-configuration": {
4685
4941
  "description": "Minimum configuration for app_securitysuspicious_user_logDateAggregation",
4686
4942
  "required_fields": [
@@ -4708,6 +4964,8 @@
4708
4964
  "type": "object",
4709
4965
  "description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each field aggregation bucket.",
4710
4966
  "title": "Sub aggregation.",
4967
+ "x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
4968
+ "x-f5xc-description-medium": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
4711
4969
  "x-f5xc-required-for": {
4712
4970
  "minimum_config": false,
4713
4971
  "create": false,
@@ -4721,6 +4979,7 @@
4721
4979
  "title": "Topk",
4722
4980
  "format": "int64",
4723
4981
  "x-f5xc-example": "10",
4982
+ "x-f5xc-description-short": "X-displayName: \"TopK\" Number of top field values to be returned in the response.",
4724
4983
  "minimum": 0,
4725
4984
  "maximum": 2147483647,
4726
4985
  "x-f5xc-required-for": {
@@ -4731,6 +4990,8 @@
4731
4990
  }
4732
4991
  }
4733
4992
  },
4993
+ "x-f5xc-description-short": "X-displayName: \"Field Aggregation\" Aggregate incidents based on the key fields in the suspicious user log.",
4994
+ "x-f5xc-description-medium": "X-displayName: \"Field Aggregation\" Aggregate incidents based on the key fields in the suspicious user log.",
4734
4995
  "x-f5xc-minimum-configuration": {
4735
4996
  "description": "Minimum configuration for app_securitysuspicious_user_logFieldAggregation",
4736
4997
  "required_fields": [
@@ -4755,6 +5016,8 @@
4755
5016
  "$ref": "#/components/schemas/app_securitysuspicious_user_logCardinalityAggregation"
4756
5017
  }
4757
5018
  },
5019
+ "x-f5xc-description-short": "X-displayName: \"Field SubAggregation\" Aggregate security events in each field bucket based on one of the sub aggregation types.",
5020
+ "x-f5xc-description-medium": "X-displayName: \"Field SubAggregation\" Aggregate security events in each field bucket based on one of the sub aggregation types.",
4758
5021
  "x-f5xc-minimum-configuration": {
4759
5022
  "description": "Minimum configuration for app_securitysuspicious_user_logFieldSubAggregation",
4760
5023
  "required_fields": [
@@ -4782,6 +5045,8 @@
4782
5045
  "SUSPICION_LOG_TYPE"
4783
5046
  ],
4784
5047
  "default": "CITY",
5048
+ "x-f5xc-description-short": "X-displayName: \"Key Field\" Security events can be aggregated based on these fields. - CITY: x-displayName: \"City\" - COUNTRY: x-displayName...",
5049
+ "x-f5xc-description-medium": "X-displayName: \"Key Field\" Security events can be aggregated based on these fields. - CITY: x-displayName: \"City\" - COUNTRY: x-displayName: \"Country\" - ASN: x-displayName: \"ASN\" - USER: x-displayName: \"User\" - THREAT_LEVEL: x-displayName: \"Threat Level\" - VH_NAME: x-displayName: \"Virtual Host...",
4785
5050
  "x-f5xc-minimum-configuration": {
4786
5051
  "description": "Minimum configuration for app_securitysuspicious_user_logKeyField",
4787
5052
  "required_fields": [],
@@ -4801,6 +5066,8 @@
4801
5066
  "$ref": "#/components/schemas/app_securitysuspicious_user_logPercentileAggregation"
4802
5067
  }
4803
5068
  },
5069
+ "x-f5xc-description-short": "X-displayName: \"Metrics Aggregation\" Computes metrics based on values for the field in the suspicious user log.",
5070
+ "x-f5xc-description-medium": "X-displayName: \"Metrics Aggregation\" Computes metrics based on values for the field in the suspicious user log.",
4804
5071
  "x-f5xc-minimum-configuration": {
4805
5072
  "description": "Minimum configuration for app_securitysuspicious_user_logMetricsAggregation",
4806
5073
  "required_fields": [
@@ -4827,6 +5094,7 @@
4827
5094
  "title": "Percent",
4828
5095
  "format": "double",
4829
5096
  "x-f5xc-example": "[99.0]",
5097
+ "x-f5xc-description-short": "X-displayName: \"Percent\" x-required Percentile for which value is calculated.",
4830
5098
  "x-f5xc-required-for": {
4831
5099
  "minimum_config": false,
4832
5100
  "create": false,
@@ -4835,6 +5103,7 @@
4835
5103
  }
4836
5104
  }
4837
5105
  },
5106
+ "x-f5xc-description-short": "X-displayName: \"Percentile Aggregation\" Calculates percentile over numeric values for a field.",
4838
5107
  "x-f5xc-minimum-configuration": {
4839
5108
  "description": "Minimum configuration for app_securitysuspicious_user_logPercentileAggregation",
4840
5109
  "required_fields": [
@@ -4880,6 +5149,7 @@
4880
5149
  "ves.io.schema.rules.repeated.max_items": "64",
4881
5150
  "ves.io.schema.rules.repeated.unique": "true"
4882
5151
  },
5152
+ "x-f5xc-description-short": "Sources that are located in one of the countries in the given list.",
4883
5153
  "x-f5xc-required-for": {
4884
5154
  "minimum_config": false,
4885
5155
  "create": false,
@@ -4939,6 +5209,8 @@
4939
5209
  "x-validation-rules": {
4940
5210
  "ves.io.schema.rules.timestamp.within.seconds": "31536000"
4941
5211
  },
5212
+ "x-f5xc-description-short": "Specifies expiration_timestamp the RFC 3339 format timestamp at which the containing rule is considered to be logically expired.",
5213
+ "x-f5xc-description-medium": "Specifies expiration_timestamp the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in the configuration but is not applied anymore.",
4942
5214
  "minLength": 0,
4943
5215
  "maxLength": 1024,
4944
5216
  "x-f5xc-required-for": {
@@ -4955,6 +5227,7 @@
4955
5227
  "$ref": "#/components/schemas/schemaMessageMetaType"
4956
5228
  }
4957
5229
  },
5230
+ "x-f5xc-description-short": "DDoS Mitigation Rule specifies the sources to be blocked.",
4958
5231
  "x-f5xc-minimum-configuration": {
4959
5232
  "description": "Minimum configuration for common_securityDDoSMitigationRule",
4960
5233
  "required_fields": [
@@ -5007,6 +5280,7 @@
5007
5280
  "ves.io.schema.rules.string.max_len": "1024",
5008
5281
  "ves.io.schema.rules.string.templated_http_path": "true"
5009
5282
  },
5283
+ "x-f5xc-description-short": "The endpoint (path) of the request. Required: YES.",
5010
5284
  "minLength": 0,
5011
5285
  "x-f5xc-required-for": {
5012
5286
  "minimum_config": false,
@@ -5040,6 +5314,7 @@
5040
5314
  "ves.io.schema.rules.string.max_len": "128",
5041
5315
  "ves.io.schema.rules.string.vh_domain": "true"
5042
5316
  },
5317
+ "x-f5xc-description-short": "Exclusive with [any_domain] The rule will apply for a specific domain. For",
5043
5318
  "minLength": 0,
5044
5319
  "x-f5xc-required-for": {
5045
5320
  "minimum_config": false,
@@ -5049,6 +5324,7 @@
5049
5324
  }
5050
5325
  }
5051
5326
  },
5327
+ "x-f5xc-description-short": "API Protection Rule for a specific endpoint.",
5052
5328
  "x-f5xc-minimum-configuration": {
5053
5329
  "description": "Minimum configuration for common_wafAPIEndpointProtectionRule",
5054
5330
  "required_fields": [
@@ -5083,6 +5359,7 @@
5083
5359
  "$ref": "#/components/schemas/schemaEmpty"
5084
5360
  }
5085
5361
  },
5362
+ "x-f5xc-description-short": "The action to take if the input request matches the rule.",
5086
5363
  "x-f5xc-minimum-configuration": {
5087
5364
  "description": "Minimum configuration for common_wafAPIProtectionRuleAction",
5088
5365
  "required_fields": [
@@ -5205,6 +5482,7 @@
5205
5482
  "ves.io.schema.rules.string.max_len": "1024",
5206
5483
  "ves.io.schema.rules.string.templated_http_path": "true"
5207
5484
  },
5485
+ "x-f5xc-description-short": "The endpoint (path) of the request. Required: YES.",
5208
5486
  "minLength": 0,
5209
5487
  "x-f5xc-required-for": {
5210
5488
  "minimum_config": false,
@@ -5239,6 +5517,7 @@
5239
5517
  "ves.io.schema.rules.string.max_len": "128",
5240
5518
  "ves.io.schema.rules.string.vh_domain": "true"
5241
5519
  },
5520
+ "x-f5xc-description-short": "Exclusive with [any_domain] The rule will apply for a specific domain.",
5242
5521
  "minLength": 0,
5243
5522
  "x-f5xc-required-for": {
5244
5523
  "minimum_config": false,
@@ -5285,6 +5564,7 @@
5285
5564
  "default": "SKIP_PROCESSING_WAF",
5286
5565
  "x-displayname": "Action",
5287
5566
  "x-ves-proto-enum": "ves.io.schema.views.common_waf.ClientSrcRuleAction",
5567
+ "x-f5xc-description-short": "Action that should be taken when client identifier matches the rule.",
5288
5568
  "x-f5xc-minimum-configuration": {
5289
5569
  "description": "Minimum configuration for common_wafClientSrcRuleAction",
5290
5570
  "required_fields": [],
@@ -5322,6 +5602,7 @@
5322
5602
  "ves.io.schema.rules.repeated.max_items": "15",
5323
5603
  "ves.io.schema.rules.repeated.unique_metadata_name": "true"
5324
5604
  },
5605
+ "x-f5xc-example": "{\"key\": \"value\"}",
5325
5606
  "x-f5xc-required-for": {
5326
5607
  "minimum_config": false,
5327
5608
  "create": false,
@@ -5377,6 +5658,7 @@
5377
5658
  "x-validation-rules": {
5378
5659
  "ves.io.schema.rules.string.max_len": "128"
5379
5660
  },
5661
+ "x-f5xc-description-short": "Exclusive with [api_endpoint base_path] The API group which this validation applies to.",
5380
5662
  "minLength": 0,
5381
5663
  "x-f5xc-required-for": {
5382
5664
  "minimum_config": false,
@@ -5401,6 +5683,7 @@
5401
5683
  "ves.io.schema.rules.string.http_path": "true",
5402
5684
  "ves.io.schema.rules.string.max_len": "128"
5403
5685
  },
5686
+ "x-f5xc-description-short": "Exclusive with [api_endpoint api_group] The base path which this validation applies to.",
5404
5687
  "minLength": 0,
5405
5688
  "x-f5xc-required-for": {
5406
5689
  "minimum_config": false,
@@ -5413,6 +5696,7 @@
5413
5696
  "$ref": "#/components/schemas/schemaMessageMetaType"
5414
5697
  }
5415
5698
  },
5699
+ "x-f5xc-description-short": "Fall Through Rule for a specific endpoint, base-path, or API group.",
5416
5700
  "x-f5xc-minimum-configuration": {
5417
5701
  "description": "Minimum configuration for common_wafFallThroughRule",
5418
5702
  "required_fields": [
@@ -5456,6 +5740,8 @@
5456
5740
  "ves.io.schema.rules.message.required": "true",
5457
5741
  "ves.io.schema.rules.repeated.max_items": "16"
5458
5742
  },
5743
+ "x-f5xc-example": "{\"key\": \"value\"}",
5744
+ "x-f5xc-description-short": "List of HTTP header name and value pairs Required: YES.",
5459
5745
  "x-f5xc-required-for": {
5460
5746
  "minimum_config": false,
5461
5747
  "create": false,
@@ -5505,6 +5791,8 @@
5505
5791
  "ves.io.schema.rules.uint32.gt": "0",
5506
5792
  "ves.io.schema.rules.uint32.lte": "8192"
5507
5793
  },
5794
+ "x-f5xc-description-short": "The total number of allowed requests for 1 unit (e.g. SECOND/MINUTE/HOUR etc.) of the specified period.",
5795
+ "x-f5xc-description-medium": "The total number of allowed requests for 1 unit (e.g. SECOND/MINUTE/HOUR etc.) of the specified period. Required: YES.",
5508
5796
  "minimum": 0,
5509
5797
  "maximum": 2147483647,
5510
5798
  "x-f5xc-required-for": {
@@ -5552,6 +5840,8 @@
5552
5840
  }
5553
5841
  },
5554
5842
  "x-required": true,
5843
+ "x-f5xc-description-short": "Determine what to do with unprotected endpoints (not in the OpenAPI specification file (a.k.a.",
5844
+ "x-f5xc-description-medium": "Determine what to do with unprotected endpoints (not in the OpenAPI specification file (a.k.a. Swagger) or doesn't have a specific rule in custom rules).",
5555
5845
  "x-f5xc-minimum-configuration": {
5556
5846
  "description": "Minimum configuration for common_wafOpenApiFallThroughMode",
5557
5847
  "required_fields": [
@@ -5620,6 +5910,8 @@
5620
5910
  "$ref": "#/components/schemas/schemaEmpty"
5621
5911
  }
5622
5912
  },
5913
+ "x-f5xc-description-short": "OpenAPI specification validation settings relevant for \"API Inventory\" enforcement and for \"Custom list\" enforcement.",
5914
+ "x-f5xc-description-medium": "OpenAPI specification validation settings relevant for \"API Inventory\" enforcement and for \"Custom list\" enforcement.",
5623
5915
  "x-f5xc-minimum-configuration": {
5624
5916
  "description": "Minimum configuration for common_wafOpenApiValidationCommonSettings",
5625
5917
  "required_fields": [
@@ -5658,6 +5950,8 @@
5658
5950
  }
5659
5951
  },
5660
5952
  "x-required": true,
5953
+ "x-f5xc-description-short": "Validation mode of OpenAPI specification.",
5954
+ "x-f5xc-description-medium": "Validation mode of OpenAPI specification. When a validation mismatch occurs on a request to one of the endpoints listed on the OpenAPI specification file (a.k.a. Swagger).",
5661
5955
  "x-f5xc-minimum-configuration": {
5662
5956
  "description": "Minimum configuration for common_wafOpenApiValidationMode",
5663
5957
  "required_fields": [
@@ -5711,6 +6005,8 @@
5711
6005
  "ves.io.schema.rules.repeated.min_items": "1",
5712
6006
  "ves.io.schema.rules.repeated.unique": "true"
5713
6007
  },
6008
+ "x-f5xc-description-short": "List of properties of the request to validate according to the OpenAPI specification file (a.k.a.",
6009
+ "x-f5xc-description-medium": "List of properties of the request to validate according to the OpenAPI specification file (a.k.a. Swagger) Required: YES.",
5714
6010
  "x-f5xc-required-for": {
5715
6011
  "minimum_config": false,
5716
6012
  "create": false,
@@ -5771,6 +6067,8 @@
5771
6067
  "ves.io.schema.rules.repeated.min_items": "1",
5772
6068
  "ves.io.schema.rules.repeated.unique": "true"
5773
6069
  },
6070
+ "x-f5xc-description-short": "List of properties of the response to validate according to the OpenAPI specification file (a.k.a.",
6071
+ "x-f5xc-description-medium": "List of properties of the response to validate according to the OpenAPI specification file (a.k.a. Swagger) Required: YES.",
5774
6072
  "x-f5xc-required-for": {
5775
6073
  "minimum_config": false,
5776
6074
  "create": false,
@@ -5822,6 +6120,7 @@
5822
6120
  "x-validation-rules": {
5823
6121
  "ves.io.schema.rules.string.max_len": "128"
5824
6122
  },
6123
+ "x-f5xc-description-short": "Exclusive with [api_endpoint base_path] The API group which this validation applies to.",
5825
6124
  "minLength": 0,
5826
6125
  "x-f5xc-required-for": {
5827
6126
  "minimum_config": false,
@@ -5846,6 +6145,7 @@
5846
6145
  "ves.io.schema.rules.string.http_path": "true",
5847
6146
  "ves.io.schema.rules.string.max_len": "128"
5848
6147
  },
6148
+ "x-f5xc-description-short": "Exclusive with [api_endpoint api_group] The base path which this validation applies to.",
5849
6149
  "minLength": 0,
5850
6150
  "x-f5xc-required-for": {
5851
6151
  "minimum_config": false,
@@ -5871,6 +6171,7 @@
5871
6171
  "ves.io.schema.rules.string.max_len": "128",
5872
6172
  "ves.io.schema.rules.string.vh_domain": "true"
5873
6173
  },
6174
+ "x-f5xc-description-short": "Exclusive with [any_domain] The rule will apply for a specific domain.",
5874
6175
  "minLength": 0,
5875
6176
  "x-f5xc-required-for": {
5876
6177
  "minimum_config": false,
@@ -5883,6 +6184,7 @@
5883
6184
  "$ref": "#/components/schemas/common_wafOpenApiValidationMode"
5884
6185
  }
5885
6186
  },
6187
+ "x-f5xc-description-short": "OpenAPI Validation Rule for a specific endpoint, base-path, or API group.",
5886
6188
  "x-f5xc-minimum-configuration": {
5887
6189
  "description": "Minimum configuration for common_wafOpenApiValidationRule",
5888
6190
  "required_fields": [
@@ -5929,6 +6231,7 @@
5929
6231
  "ves.io.schema.rules.repeated.max_items": "10",
5930
6232
  "ves.io.schema.rules.repeated.unique": "true"
5931
6233
  },
6234
+ "x-f5xc-description-short": "Actions that should be taken when client identifier matches the rule.",
5932
6235
  "x-f5xc-required-for": {
5933
6236
  "minimum_config": false,
5934
6237
  "create": false,
@@ -5952,6 +6255,8 @@
5952
6255
  "ves.io.schema.rules.uint32.gte": "1",
5953
6256
  "ves.io.schema.rules.uint32.lte": "401308"
5954
6257
  },
6258
+ "x-f5xc-description-short": "Exclusive with [http_header ip_prefix ipv6_prefix user_identifier] RFC 6793 defined 4-byte AS number.",
6259
+ "x-f5xc-description-medium": "Exclusive with [http_header ip_prefix ipv6_prefix user_identifier] RFC 6793 defined 4-byte AS number.",
5955
6260
  "minimum": 0,
5956
6261
  "maximum": 2147483647,
5957
6262
  "x-f5xc-required-for": {
@@ -5978,6 +6283,8 @@
5978
6283
  "x-validation-rules": {
5979
6284
  "ves.io.schema.rules.timestamp.within.seconds": "31536000"
5980
6285
  },
6286
+ "x-f5xc-description-short": "Specifies expiration_timestamp the RFC 3339 format timestamp at which the containing rule is considered to be logically expired.",
6287
+ "x-f5xc-description-medium": "Specifies expiration_timestamp the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in the configuration but is not applied anymore.",
5981
6288
  "minLength": 0,
5982
6289
  "maxLength": 1024,
5983
6290
  "x-f5xc-required-for": {
@@ -6003,6 +6310,7 @@
6003
6310
  "x-validation-rules": {
6004
6311
  "ves.io.schema.rules.string.ipv4_prefix": "true"
6005
6312
  },
6313
+ "x-f5xc-description-short": "Exclusive with [as_number http_header ipv6_prefix user_identifier] IPv4 prefix string.",
6006
6314
  "minLength": 0,
6007
6315
  "maxLength": 1024,
6008
6316
  "x-f5xc-required-for": {
@@ -6025,6 +6333,7 @@
6025
6333
  "x-validation-rules": {
6026
6334
  "ves.io.schema.rules.string.ipv6_prefix": "true"
6027
6335
  },
6336
+ "x-f5xc-description-short": "Exclusive with [as_number http_header ip_prefix user_identifier] IPv6 prefix string.",
6028
6337
  "minLength": 0,
6029
6338
  "maxLength": 1024,
6030
6339
  "x-f5xc-required-for": {
@@ -6052,6 +6361,8 @@
6052
6361
  "x-validation-rules": {
6053
6362
  "ves.io.schema.rules.string.max_len": "256"
6054
6363
  },
6364
+ "x-f5xc-description-short": "Exclusive with [as_number http_header ip_prefix ipv6_prefix] Identify user based on user identifier.",
6365
+ "x-f5xc-description-medium": "Exclusive with [as_number http_header ip_prefix ipv6_prefix] Identify user based on user identifier. User identifier value needs to be copied from security event.",
6055
6366
  "minLength": 0,
6056
6367
  "x-f5xc-required-for": {
6057
6368
  "minimum_config": false,
@@ -6065,6 +6376,7 @@
6065
6376
  "$ref": "#/components/schemas/schemaEmpty"
6066
6377
  }
6067
6378
  },
6379
+ "x-f5xc-description-short": "Simple client source rule specifies the sources to be blocked or trusted (skip WAF).",
6068
6380
  "x-f5xc-minimum-configuration": {
6069
6381
  "description": "Minimum configuration for common_wafSimpleClientSrcRule",
6070
6382
  "required_fields": [
@@ -6122,6 +6434,7 @@
6122
6434
  "$ref": "#/components/schemas/schemaEmpty"
6123
6435
  }
6124
6436
  },
6437
+ "x-f5xc-description-short": "X-displayName: \"Validation Settings For Headers\" Custom settings for headers validation.",
6125
6438
  "x-f5xc-minimum-configuration": {
6126
6439
  "description": "Minimum configuration for common_wafValidationSettingForHeaders",
6127
6440
  "required_fields": [
@@ -6150,6 +6463,7 @@
6150
6463
  "$ref": "#/components/schemas/schemaEmpty"
6151
6464
  }
6152
6465
  },
6466
+ "x-f5xc-description-short": "Custom settings for query parameters validation.",
6153
6467
  "x-f5xc-minimum-configuration": {
6154
6468
  "description": "Minimum configuration for common_wafValidationSettingForQueryParameters",
6155
6469
  "required_fields": [
@@ -6205,6 +6519,8 @@
6205
6519
  "ves.io.schema.rules.repeated.min_items": "1",
6206
6520
  "ves.io.schema.rules.repeated.unique": "true"
6207
6521
  },
6522
+ "x-f5xc-description-short": "List of JSON Path field values. Use square brackets with an underscore [_] to indicate array elements (e.g., person.emails[_]).",
6523
+ "x-f5xc-description-medium": "List of JSON Path field values. Use square brackets with an underscore [_] to indicate array elements (e.g., person.emails[_]). To reference JSON keys that contain spaces, enclose the entire path in double quotes.",
6208
6524
  "x-f5xc-required-for": {
6209
6525
  "minimum_config": false,
6210
6526
  "create": false,
@@ -6266,6 +6582,7 @@
6266
6582
  "$ref": "#/components/schemas/schemaEmpty"
6267
6583
  }
6268
6584
  },
6585
+ "x-f5xc-description-short": "Settings to mask sensitive data in request/response payload.",
6269
6586
  "x-f5xc-minimum-configuration": {
6270
6587
  "description": "HTTP/HTTPS load balancer for distributing traffic across origin pools",
6271
6588
  "required_fields": [
@@ -6321,6 +6638,7 @@
6321
6638
  "ves.io.schema.rules.string.max_bytes": "256",
6322
6639
  "ves.io.schema.rules.string.not_empty": "true"
6323
6640
  },
6641
+ "x-f5xc-description-short": "Exclusive with [presence regex] Header value to match exactly.",
6324
6642
  "minLength": 0,
6325
6643
  "x-f5xc-required-for": {
6326
6644
  "minimum_config": false,
@@ -6335,6 +6653,7 @@
6335
6653
  "title": "Invert_match.",
6336
6654
  "format": "boolean",
6337
6655
  "x-displayname": "NOT of match.",
6656
+ "x-f5xc-description-short": "Invert the result of the match to detect missing header or non-matching value.",
6338
6657
  "x-f5xc-required-for": {
6339
6658
  "minimum_config": false,
6340
6659
  "create": false,
@@ -6372,7 +6691,7 @@
6372
6691
  },
6373
6692
  "x-original-maxLength": 256,
6374
6693
  "x-reconciled-from-discovery": true,
6375
- "x-reconciled-at": "2026-01-05T18:28:44.310858+00:00"
6694
+ "x-reconciled-at": "2026-01-07T15:27:53.793377+00:00"
6376
6695
  },
6377
6696
  "presence": {
6378
6697
  "type": "boolean",
@@ -6380,6 +6699,7 @@
6380
6699
  "title": "Presence",
6381
6700
  "format": "boolean",
6382
6701
  "x-displayname": "Presence",
6702
+ "x-f5xc-description-short": "Exclusive with [exact regex] If true, check for presence of header.",
6383
6703
  "x-f5xc-required-for": {
6384
6704
  "minimum_config": false,
6385
6705
  "create": false,
@@ -6403,6 +6723,7 @@
6403
6723
  "ves.io.schema.rules.string.not_empty": "true",
6404
6724
  "ves.io.schema.rules.string.regex": "true"
6405
6725
  },
6726
+ "x-f5xc-description-short": "Exclusive with [exact presence] Regex match of the header value in re2 format.",
6406
6727
  "minLength": 0,
6407
6728
  "x-f5xc-required-for": {
6408
6729
  "minimum_config": false,
@@ -6412,6 +6733,8 @@
6412
6733
  }
6413
6734
  }
6414
6735
  },
6736
+ "x-f5xc-description-short": "Header match is done using the name of the header and its value.",
6737
+ "x-f5xc-description-medium": "Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header Header Match can also be inverse of above, which be used to check missing header or non-matching value.",
6415
6738
  "x-f5xc-minimum-configuration": {
6416
6739
  "description": "Minimum configuration for ioschemaHeaderMatcherType",
6417
6740
  "required_fields": [
@@ -6442,6 +6765,8 @@
6442
6765
  "x-displayname": "Kind",
6443
6766
  "x-ves-example": "Virtual_site.",
6444
6767
  "x-f5xc-example": "virtual_site",
6768
+ "x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. \"route\")",
6769
+ "x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. \"route\").",
6445
6770
  "minLength": 0,
6446
6771
  "maxLength": 14,
6447
6772
  "x-f5xc-required-for": {
@@ -6453,7 +6778,7 @@
6453
6778
  "readOnly": true,
6454
6779
  "x-original-maxLength": 1024,
6455
6780
  "x-reconciled-from-discovery": true,
6456
- "x-reconciled-at": "2026-01-05T18:28:44.310865+00:00"
6781
+ "x-reconciled-at": "2026-01-07T15:27:53.793385+00:00"
6457
6782
  },
6458
6783
  "name": {
6459
6784
  "type": "string",
@@ -6462,6 +6787,8 @@
6462
6787
  "x-displayname": "Name",
6463
6788
  "x-ves-example": "Contactus-route.",
6464
6789
  "x-f5xc-example": "contactus-route",
6790
+ "x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g.",
6791
+ "x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. Route's) name.",
6465
6792
  "minLength": 0,
6466
6793
  "maxLength": 16,
6467
6794
  "x-f5xc-required-for": {
@@ -6472,7 +6799,7 @@
6472
6799
  },
6473
6800
  "x-original-maxLength": 1024,
6474
6801
  "x-reconciled-from-discovery": true,
6475
- "x-reconciled-at": "2026-01-05T18:28:44.310870+00:00"
6802
+ "x-reconciled-at": "2026-01-07T15:27:53.793389+00:00"
6476
6803
  },
6477
6804
  "namespace": {
6478
6805
  "type": "string",
@@ -6481,6 +6808,8 @@
6481
6808
  "x-displayname": "Namespace",
6482
6809
  "x-ves-example": "Ns1",
6483
6810
  "x-f5xc-example": "ns1",
6811
+ "x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g.",
6812
+ "x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. Route's) namespace.",
6484
6813
  "minLength": 0,
6485
6814
  "maxLength": 6,
6486
6815
  "x-f5xc-required-for": {
@@ -6491,7 +6820,7 @@
6491
6820
  },
6492
6821
  "x-original-maxLength": 1024,
6493
6822
  "x-reconciled-from-discovery": true,
6494
- "x-reconciled-at": "2026-01-05T18:28:44.310874+00:00"
6823
+ "x-reconciled-at": "2026-01-07T15:27:53.793393+00:00"
6495
6824
  },
6496
6825
  "tenant": {
6497
6826
  "type": "string",
@@ -6500,6 +6829,8 @@
6500
6829
  "x-displayname": "Tenant",
6501
6830
  "x-ves-example": "Example-corp.",
6502
6831
  "x-f5xc-example": "example-corp",
6832
+ "x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g.",
6833
+ "x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. Route's) tenant.",
6503
6834
  "minLength": 0,
6504
6835
  "maxLength": 18,
6505
6836
  "x-f5xc-required-for": {
@@ -6512,7 +6843,7 @@
6512
6843
  "x-field-mutability": "read-only",
6513
6844
  "x-original-maxLength": 1024,
6514
6845
  "x-reconciled-from-discovery": true,
6515
- "x-reconciled-at": "2026-01-05T18:28:44.310879+00:00"
6846
+ "x-reconciled-at": "2026-01-07T15:27:53.793397+00:00"
6516
6847
  },
6517
6848
  "uid": {
6518
6849
  "type": "string",
@@ -6521,6 +6852,8 @@
6521
6852
  "x-displayname": "UID",
6522
6853
  "x-ves-example": "D15f1fad-4d37-48c0-8706-df1824d76d31.",
6523
6854
  "x-f5xc-example": "d15f1fad-4d37-48c0-8706-df1824d76d31",
6855
+ "x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g.",
6856
+ "x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. Route's) uid.",
6524
6857
  "minLength": 0,
6525
6858
  "maxLength": 36,
6526
6859
  "x-f5xc-required-for": {
@@ -6534,9 +6867,11 @@
6534
6867
  "x-original-maxLength": 1024,
6535
6868
  "format": "uuid",
6536
6869
  "x-reconciled-from-discovery": true,
6537
- "x-reconciled-at": "2026-01-05T18:28:44.310884+00:00"
6870
+ "x-reconciled-at": "2026-01-07T15:27:53.793403+00:00"
6538
6871
  }
6539
6872
  },
6873
+ "x-f5xc-description-short": "Type establishes a 'direct reference' from one object(the referrer) to another(the referred).",
6874
+ "x-f5xc-description-medium": "Type establishes a 'direct reference' from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector...",
6540
6875
  "x-f5xc-minimum-configuration": {
6541
6876
  "description": "Minimum configuration for ioschemaObjectRefType",
6542
6877
  "required_fields": [
@@ -6572,9 +6907,10 @@
6572
6907
  "maxLength": 15,
6573
6908
  "minLength": 3,
6574
6909
  "x-reconciled-from-discovery": true,
6575
- "x-reconciled-at": "2026-01-05T18:28:44.310890+00:00"
6910
+ "x-reconciled-at": "2026-01-07T15:27:53.793409+00:00"
6576
6911
  }
6577
6912
  },
6913
+ "x-f5xc-description-short": "X-displayName: \"Avg Aggregation Data\" Average Aggregation data.",
6578
6914
  "x-f5xc-minimum-configuration": {
6579
6915
  "description": "Minimum configuration for logAvgAggregationData",
6580
6916
  "required_fields": [
@@ -6597,6 +6933,7 @@
6597
6933
  "description": "X-displayName: \"Count\"\nx-example: 100\nCount of distinct values of a log field.",
6598
6934
  "title": "Count",
6599
6935
  "format": "uint64",
6936
+ "x-f5xc-example": "42",
6600
6937
  "minLength": 0,
6601
6938
  "maxLength": 1024,
6602
6939
  "x-f5xc-required-for": {
@@ -6610,6 +6947,8 @@
6610
6947
  "$ref": "#/components/schemas/schemaTrendValue"
6611
6948
  }
6612
6949
  },
6950
+ "x-f5xc-description-short": "X-displayName: \"Cardinality Aggregation Data\" Approximate count of distinct values of the log field specified in the request.",
6951
+ "x-f5xc-description-medium": "X-displayName: \"Cardinality Aggregation Data\" Approximate count of distinct values of the log field specified in the request.",
6613
6952
  "x-f5xc-minimum-configuration": {
6614
6953
  "description": "Minimum configuration for logCardinalityAggregationData",
6615
6954
  "required_fields": [
@@ -6633,6 +6972,7 @@
6633
6972
  "description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
6634
6973
  "title": "Count",
6635
6974
  "format": "uint64",
6975
+ "x-f5xc-example": "42",
6636
6976
  "minLength": 0,
6637
6977
  "maxLength": 1024,
6638
6978
  "x-f5xc-required-for": {
@@ -6646,6 +6986,7 @@
6646
6986
  "type": "object",
6647
6987
  "description": "X-displayName: \"Sub Aggregation\"\nSub aggregation data for the date bucket.",
6648
6988
  "title": "Sub aggregation.",
6989
+ "x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" Sub aggregation data for the date bucket.",
6649
6990
  "x-f5xc-required-for": {
6650
6991
  "minimum_config": false,
6651
6992
  "create": false,
@@ -6671,6 +7012,8 @@
6671
7012
  "$ref": "#/components/schemas/schemaTrendValue"
6672
7013
  }
6673
7014
  },
7015
+ "x-f5xc-description-short": "X-displayName: \"Date Aggregation Bucket\" Date histogram bucket containing the timestamp and the number of logs in that bucket.",
7016
+ "x-f5xc-description-medium": "X-displayName: \"Date Aggregation Bucket\" Date histogram bucket containing the timestamp and the number of logs in that bucket.",
6674
7017
  "x-f5xc-minimum-configuration": {
6675
7018
  "description": "Minimum configuration for logDateAggregationBucket",
6676
7019
  "required_fields": [
@@ -6698,6 +7041,7 @@
6698
7041
  "items": {
6699
7042
  "$ref": "#/components/schemas/logDateAggregationBucket"
6700
7043
  },
7044
+ "x-f5xc-description-short": "X-displayName: \"Buckets\" Lists of buckets containing timestamp and the corresponding log count.",
6701
7045
  "x-f5xc-required-for": {
6702
7046
  "minimum_config": false,
6703
7047
  "create": false,
@@ -6710,6 +7054,8 @@
6710
7054
  "description": "X-displayName: \"Step\"\nActual step size in the response. It could be higher than the requested step depending on the query duration and/or the log rollups.\nFormat: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days.",
6711
7055
  "title": "Step",
6712
7056
  "x-f5xc-example": "30m",
7057
+ "x-f5xc-description-short": "X-displayName: \"Step\" Actual step size in the response.",
7058
+ "x-f5xc-description-medium": "X-displayName: \"Step\" Actual step size in the response. It could be higher than the requested step depending on the query duration and/or the log rollups. Format: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days.",
6713
7059
  "minLength": 0,
6714
7060
  "maxLength": 1024,
6715
7061
  "x-f5xc-required-for": {
@@ -6720,6 +7066,7 @@
6720
7066
  }
6721
7067
  }
6722
7068
  },
7069
+ "x-f5xc-description-short": "X-displayName: \"Date Aggregation Data\" Date aggregation data.",
6723
7070
  "x-f5xc-minimum-configuration": {
6724
7071
  "description": "Minimum configuration for logDateAggregationData",
6725
7072
  "required_fields": [
@@ -6745,6 +7092,7 @@
6745
7092
  "$ref": "#/components/schemas/logMultiFieldAggregationData"
6746
7093
  }
6747
7094
  },
7095
+ "x-f5xc-description-short": "X-displayName: \"Date SubAggregation\" Date subaggregation data.",
6748
7096
  "x-f5xc-minimum-configuration": {
6749
7097
  "description": "Minimum configuration for logDateSubAggregationData",
6750
7098
  "required_fields": [
@@ -6768,6 +7116,7 @@
6768
7116
  "description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
6769
7117
  "title": "Count",
6770
7118
  "format": "uint64",
7119
+ "x-f5xc-example": "42",
6771
7120
  "minLength": 0,
6772
7121
  "maxLength": 1024,
6773
7122
  "x-f5xc-required-for": {
@@ -6792,7 +7141,7 @@
6792
7141
  },
6793
7142
  "x-original-maxLength": 1024,
6794
7143
  "x-reconciled-from-discovery": true,
6795
- "x-reconciled-at": "2026-01-05T18:28:44.310911+00:00"
7144
+ "x-reconciled-at": "2026-01-07T15:27:53.793431+00:00"
6796
7145
  },
6797
7146
  "order_by": {
6798
7147
  "$ref": "#/components/schemas/logOrderByData"
@@ -6801,6 +7150,7 @@
6801
7150
  "type": "object",
6802
7151
  "description": "X-displayName: \"Sub Aggregation\"\nSub aggregation data for the field aggregation bucket.",
6803
7152
  "title": "Sub aggregation.",
7153
+ "x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" Sub aggregation data for the field aggregation bucket.",
6804
7154
  "x-f5xc-required-for": {
6805
7155
  "minimum_config": false,
6806
7156
  "create": false,
@@ -6812,6 +7162,8 @@
6812
7162
  "$ref": "#/components/schemas/schemaTrendValue"
6813
7163
  }
6814
7164
  },
7165
+ "x-f5xc-description-short": "X-displayName: \"Field Aggregation Bucket\" Field aggregation bucket containing field value and the number of logs.",
7166
+ "x-f5xc-description-medium": "X-displayName: \"Field Aggregation Bucket\" Field aggregation bucket containing field value and the number of logs.",
6815
7167
  "x-f5xc-minimum-configuration": {
6816
7168
  "description": "Minimum configuration for logFieldAggregationBucket",
6817
7169
  "required_fields": [
@@ -6840,6 +7192,7 @@
6840
7192
  "items": {
6841
7193
  "$ref": "#/components/schemas/logFieldAggregationBucket"
6842
7194
  },
7195
+ "x-f5xc-description-short": "X-displayName: \"Buckets\" Lists of buckets containing field value and the corresponding log count.",
6843
7196
  "x-f5xc-required-for": {
6844
7197
  "minimum_config": false,
6845
7198
  "create": false,
@@ -6848,6 +7201,7 @@
6848
7201
  }
6849
7202
  }
6850
7203
  },
7204
+ "x-f5xc-description-short": "X-displayName: \"Field Aggregation Data\" Field Aggregation data.",
6851
7205
  "x-f5xc-minimum-configuration": {
6852
7206
  "description": "Minimum configuration for logFieldAggregationData",
6853
7207
  "required_fields": [
@@ -6870,6 +7224,7 @@
6870
7224
  "description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
6871
7225
  "title": "Count",
6872
7226
  "format": "uint64",
7227
+ "x-f5xc-example": "42",
6873
7228
  "minLength": 0,
6874
7229
  "maxLength": 1024,
6875
7230
  "x-f5xc-required-for": {
@@ -6884,6 +7239,7 @@
6884
7239
  "description": "X-displayName: \"Key\"\nKey contain the name/value pair that identifies the unique key fields.",
6885
7240
  "title": "Keys",
6886
7241
  "x-f5xc-example": "HIT, MISS, REVALIDATED",
7242
+ "x-f5xc-description-short": "X-displayName: \"Key\" Key contain the name/value pair that identifies the unique key fields.",
6887
7243
  "minLength": 0,
6888
7244
  "maxLength": 16,
6889
7245
  "x-f5xc-required-for": {
@@ -6894,12 +7250,14 @@
6894
7250
  },
6895
7251
  "x-original-maxLength": 1024,
6896
7252
  "x-reconciled-from-discovery": true,
6897
- "x-reconciled-at": "2026-01-05T18:28:44.310923+00:00"
7253
+ "x-reconciled-at": "2026-01-07T15:27:53.793444+00:00"
6898
7254
  },
6899
7255
  "order_by": {
6900
7256
  "$ref": "#/components/schemas/logOrderByData"
6901
7257
  }
6902
7258
  },
7259
+ "x-f5xc-description-short": "X-displayName: \"Field Sub Aggregation Bucket\" Field sub aggregation bucket containing field values and the number of logs.",
7260
+ "x-f5xc-description-medium": "X-displayName: \"Field Sub Aggregation Bucket\" Field sub aggregation bucket containing field values and the number of logs.",
6903
7261
  "x-f5xc-minimum-configuration": {
6904
7262
  "description": "Minimum configuration for logFieldSubAggregationBucket",
6905
7263
  "required_fields": [
@@ -6929,6 +7287,7 @@
6929
7287
  "items": {
6930
7288
  "$ref": "#/components/schemas/logFieldSubAggregationBucket"
6931
7289
  },
7290
+ "x-f5xc-description-short": "X-displayName: \"Buckets\" Lists of buckets containing field values and the corresponding log count.",
6932
7291
  "x-f5xc-required-for": {
6933
7292
  "minimum_config": false,
6934
7293
  "create": false,
@@ -6952,6 +7311,7 @@
6952
7311
  "$ref": "#/components/schemas/logMultiFilterAggregationData"
6953
7312
  }
6954
7313
  },
7314
+ "x-f5xc-description-short": "X-displayName: \"Field SubAggregation\" Field subaggregation data.",
6955
7315
  "x-f5xc-minimum-configuration": {
6956
7316
  "description": "Minimum configuration for logFieldSubAggregationData",
6957
7317
  "required_fields": [
@@ -6980,6 +7340,7 @@
6980
7340
  "description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
6981
7341
  "title": "Count",
6982
7342
  "format": "uint64",
7343
+ "x-f5xc-example": "42",
6983
7344
  "minLength": 0,
6984
7345
  "maxLength": 1024,
6985
7346
  "x-f5xc-required-for": {
@@ -6994,6 +7355,7 @@
6994
7355
  "description": "X-displayName: \"Key\"\nKey contain the name/value pair that identifies the unique key fields.",
6995
7356
  "title": "Keys",
6996
7357
  "x-f5xc-example": "HIT, MISS, REVALIDATED",
7358
+ "x-f5xc-description-short": "X-displayName: \"Key\" Key contain the name/value pair that identifies the unique key fields.",
6997
7359
  "minLength": 0,
6998
7360
  "maxLength": 16,
6999
7361
  "x-f5xc-required-for": {
@@ -7004,9 +7366,11 @@
7004
7366
  },
7005
7367
  "x-original-maxLength": 1024,
7006
7368
  "x-reconciled-from-discovery": true,
7007
- "x-reconciled-at": "2026-01-05T18:28:44.310938+00:00"
7369
+ "x-reconciled-at": "2026-01-07T15:27:53.793459+00:00"
7008
7370
  }
7009
7371
  },
7372
+ "x-f5xc-description-short": "X-displayName: \"Field Sub Field Aggregation Bucket\" Field sub aggregation bucket containing field values and the number of logs.",
7373
+ "x-f5xc-description-medium": "X-displayName: \"Field Sub Field Aggregation Bucket\" Field sub aggregation bucket containing field values and the number of logs.",
7010
7374
  "x-f5xc-minimum-configuration": {
7011
7375
  "description": "Minimum configuration for logFieldSubFieldAggregationBucket",
7012
7376
  "required_fields": [
@@ -7032,6 +7396,7 @@
7032
7396
  "items": {
7033
7397
  "$ref": "#/components/schemas/logFieldSubFieldAggregationBucket"
7034
7398
  },
7399
+ "x-f5xc-description-short": "X-displayName: \"Buckets\" Lists of buckets containing field value and the corresponding log count.",
7035
7400
  "x-f5xc-required-for": {
7036
7401
  "minimum_config": false,
7037
7402
  "create": false,
@@ -7040,6 +7405,7 @@
7040
7405
  }
7041
7406
  }
7042
7407
  },
7408
+ "x-f5xc-description-short": "X-displayName: \"Field Sub Field Aggregation Data\" Field Aggregation data as Field Sub-aggregation.",
7043
7409
  "x-f5xc-minimum-configuration": {
7044
7410
  "description": "Minimum configuration for logFieldSubFieldAggregationData",
7045
7411
  "required_fields": [
@@ -7062,6 +7428,7 @@
7062
7428
  "description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
7063
7429
  "title": "Count",
7064
7430
  "format": "uint64",
7431
+ "x-f5xc-example": "42",
7065
7432
  "minLength": 0,
7066
7433
  "maxLength": 1024,
7067
7434
  "x-f5xc-required-for": {
@@ -7075,6 +7442,7 @@
7075
7442
  "type": "object",
7076
7443
  "description": "X-displayName: \"Sub Aggregation\"\nSub aggregation data for the filter aggregation.",
7077
7444
  "title": "Sub aggregation.",
7445
+ "x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" Sub aggregation data for the filter aggregation.",
7078
7446
  "x-f5xc-required-for": {
7079
7447
  "minimum_config": false,
7080
7448
  "create": false,
@@ -7083,6 +7451,7 @@
7083
7451
  }
7084
7452
  }
7085
7453
  },
7454
+ "x-f5xc-description-short": "X-displayName: \"Filter Aggregation Data\" Filter Aggregation Data.",
7086
7455
  "x-f5xc-minimum-configuration": {
7087
7456
  "description": "Minimum configuration for logFilterAggregationData",
7088
7457
  "required_fields": [
@@ -7108,6 +7477,7 @@
7108
7477
  "items": {
7109
7478
  "$ref": "#/components/schemas/logFilterSubFieldAggregationBucket"
7110
7479
  },
7480
+ "x-f5xc-description-short": "X-displayName: \"Buckets\" Lists of buckets containing field value and the corresponding log count.",
7111
7481
  "x-f5xc-required-for": {
7112
7482
  "minimum_config": false,
7113
7483
  "create": false,
@@ -7116,6 +7486,7 @@
7116
7486
  }
7117
7487
  }
7118
7488
  },
7489
+ "x-f5xc-description-short": "X-displayName: \"FilterSubAggregation\" Filter subaggregation data.",
7119
7490
  "x-f5xc-minimum-configuration": {
7120
7491
  "description": "Minimum configuration for logFilterSubAggregationData",
7121
7492
  "required_fields": [
@@ -7138,6 +7509,7 @@
7138
7509
  "description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
7139
7510
  "title": "Count",
7140
7511
  "format": "uint64",
7512
+ "x-f5xc-example": "42",
7141
7513
  "minLength": 0,
7142
7514
  "maxLength": 1024,
7143
7515
  "x-f5xc-required-for": {
@@ -7152,6 +7524,7 @@
7152
7524
  "description": "X-displayName: \"Key\"\nKey contain the name/value pair that identifies the unique key fields.",
7153
7525
  "title": "Keys",
7154
7526
  "x-f5xc-example": "HIT, MISS, REVALIDATED",
7527
+ "x-f5xc-description-short": "X-displayName: \"Key\" Key contain the name/value pair that identifies the unique key fields.",
7155
7528
  "minLength": 0,
7156
7529
  "maxLength": 16,
7157
7530
  "x-f5xc-required-for": {
@@ -7162,12 +7535,13 @@
7162
7535
  },
7163
7536
  "x-original-maxLength": 1024,
7164
7537
  "x-reconciled-from-discovery": true,
7165
- "x-reconciled-at": "2026-01-05T18:28:44.310951+00:00"
7538
+ "x-reconciled-at": "2026-01-07T15:27:53.793472+00:00"
7166
7539
  },
7167
7540
  "sub_aggs": {
7168
7541
  "type": "object",
7169
7542
  "description": "X-displayName: \"Sub Aggregation\"\nSub aggregation data for the filter aggregation.",
7170
7543
  "title": "Sub aggregation.",
7544
+ "x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" Sub aggregation data for the filter aggregation.",
7171
7545
  "x-f5xc-required-for": {
7172
7546
  "minimum_config": false,
7173
7547
  "create": false,
@@ -7176,6 +7550,8 @@
7176
7550
  }
7177
7551
  }
7178
7552
  },
7553
+ "x-f5xc-description-short": "X-displayName: \"Filter Sub Field Aggregation Bucket\" Field sub aggregation bucket containing field values and the number of logs.",
7554
+ "x-f5xc-description-medium": "X-displayName: \"Filter Sub Field Aggregation Bucket\" Field sub aggregation bucket containing field values and the number of logs.",
7179
7555
  "x-f5xc-minimum-configuration": {
7180
7556
  "description": "Minimum configuration for logFilterSubFieldAggregationBucket",
7181
7557
  "required_fields": [
@@ -7226,6 +7602,7 @@
7226
7602
  "$ref": "#/components/schemas/logMultiFilterAggregationData"
7227
7603
  }
7228
7604
  },
7605
+ "x-f5xc-description-short": "X-displayName: \"Log Aggregation\" Log aggregation response data.",
7229
7606
  "x-f5xc-minimum-configuration": {
7230
7607
  "description": "Minimum configuration for logLogAggregationData",
7231
7608
  "required_fields": [
@@ -7266,9 +7643,10 @@
7266
7643
  "maxLength": 15,
7267
7644
  "minLength": 3,
7268
7645
  "x-reconciled-from-discovery": true,
7269
- "x-reconciled-at": "2026-01-05T18:28:44.310969+00:00"
7646
+ "x-reconciled-at": "2026-01-07T15:27:53.793489+00:00"
7270
7647
  }
7271
7648
  },
7649
+ "x-f5xc-description-short": "X-displayName: \"Max Aggregation Data\" Max Aggregation data.",
7272
7650
  "x-f5xc-minimum-configuration": {
7273
7651
  "description": "Minimum configuration for logMaxAggregationData",
7274
7652
  "required_fields": [
@@ -7290,6 +7668,7 @@
7290
7668
  "$ref": "#/components/schemas/logPercentileAggregationData"
7291
7669
  }
7292
7670
  },
7671
+ "x-f5xc-description-short": "X-displayName: \"Metrics Aggregation\" Metrics aggregation data.",
7293
7672
  "x-f5xc-minimum-configuration": {
7294
7673
  "description": "Minimum configuration for logMetricsAggregationData",
7295
7674
  "required_fields": [
@@ -7321,9 +7700,10 @@
7321
7700
  "maxLength": 15,
7322
7701
  "minLength": 3,
7323
7702
  "x-reconciled-from-discovery": true,
7324
- "x-reconciled-at": "2026-01-05T18:28:44.310975+00:00"
7703
+ "x-reconciled-at": "2026-01-07T15:27:53.793496+00:00"
7325
7704
  }
7326
7705
  },
7706
+ "x-f5xc-description-short": "X-displayName: \"Min Aggregation Data\" Min Aggregation data.",
7327
7707
  "x-f5xc-minimum-configuration": {
7328
7708
  "description": "Minimum configuration for logMinAggregationData",
7329
7709
  "required_fields": [
@@ -7346,6 +7726,7 @@
7346
7726
  "description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
7347
7727
  "title": "Count",
7348
7728
  "format": "uint64",
7729
+ "x-f5xc-example": "42",
7349
7730
  "minLength": 0,
7350
7731
  "maxLength": 1024,
7351
7732
  "x-f5xc-required-for": {
@@ -7360,6 +7741,8 @@
7360
7741
  "description": "X-displayName: \"Keys\"\nKeys contain the name/value pair that identifies the unique combination of multiple key fields\nSRC_IP\": \"10.10.10.1\", \"COUNTRY\": \"US\"}\"",
7361
7742
  "title": "Keys",
7362
7743
  "x-f5xc-example": "{",
7744
+ "x-f5xc-description-short": "X-displayName: \"Keys\" Keys contain the name/value pair that identifies the unique combination of multiple key fields SRC_IP\": \"10.10.10.1\"...",
7745
+ "x-f5xc-description-medium": "X-displayName: \"Keys\" Keys contain the name/value pair that identifies the unique combination of multiple key fields SRC_IP\": \"10.10.10.1\", \"COUNTRY\": \"US\"}\".",
7363
7746
  "x-f5xc-required-for": {
7364
7747
  "minimum_config": false,
7365
7748
  "create": false,
@@ -7374,6 +7757,7 @@
7374
7757
  "type": "object",
7375
7758
  "description": "X-displayName: \"Sub Aggregation\"\nSub aggregation data for the multi field aggregation bucket.",
7376
7759
  "title": "Sub aggregation.",
7760
+ "x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" Sub aggregation data for the multi field aggregation bucket.",
7377
7761
  "x-f5xc-required-for": {
7378
7762
  "minimum_config": false,
7379
7763
  "create": false,
@@ -7382,6 +7766,8 @@
7382
7766
  }
7383
7767
  }
7384
7768
  },
7769
+ "x-f5xc-description-short": "X-displayName: \"Multi-Field Aggregation Bucket\" Multi-Field aggregation bucket containing field values and the number of logs.",
7770
+ "x-f5xc-description-medium": "X-displayName: \"Multi-Field Aggregation Bucket\" Multi-Field aggregation bucket containing field values and the number of logs.",
7385
7771
  "x-f5xc-minimum-configuration": {
7386
7772
  "description": "Minimum configuration for logMultiFieldAggregationBucket",
7387
7773
  "required_fields": [
@@ -7409,6 +7795,7 @@
7409
7795
  "items": {
7410
7796
  "$ref": "#/components/schemas/logMultiFieldAggregationBucket"
7411
7797
  },
7798
+ "x-f5xc-description-short": "X-displayName: \"Buckets\" Lists of buckets containing field values and the corresponding log count.",
7412
7799
  "x-f5xc-required-for": {
7413
7800
  "minimum_config": false,
7414
7801
  "create": false,
@@ -7417,6 +7804,7 @@
7417
7804
  }
7418
7805
  }
7419
7806
  },
7807
+ "x-f5xc-description-short": "X-displayName: \"Multi-Field Aggregation Data\" Multi-Field Aggregation data.",
7420
7808
  "x-f5xc-minimum-configuration": {
7421
7809
  "description": "Minimum configuration for logMultiFieldAggregationData",
7422
7810
  "required_fields": [
@@ -7450,6 +7838,7 @@
7450
7838
  "$ref": "#/components/schemas/logTopHitsAggregationData"
7451
7839
  }
7452
7840
  },
7841
+ "x-f5xc-description-short": "X-displayName: \"Multi Field SubAggregation\" Field subaggregation data.",
7453
7842
  "x-f5xc-minimum-configuration": {
7454
7843
  "description": "Minimum configuration for logMultiFieldSubAggregationData",
7455
7844
  "required_fields": [
@@ -7476,6 +7865,7 @@
7476
7865
  "description": "X-displayName: \"Count\"\nx-example: 45\n\nnumber of logs in this bucket.",
7477
7866
  "title": "Count",
7478
7867
  "format": "uint64",
7868
+ "x-f5xc-example": "42",
7479
7869
  "minLength": 0,
7480
7870
  "maxLength": 1024,
7481
7871
  "x-f5xc-required-for": {
@@ -7486,6 +7876,7 @@
7486
7876
  }
7487
7877
  }
7488
7878
  },
7879
+ "x-f5xc-description-short": "X-displayName: \"Multi Filter Aggregation Data\" Multi Filter Aggregation data.",
7489
7880
  "x-f5xc-minimum-configuration": {
7490
7881
  "description": "Minimum configuration for logMultiFilterAggregationData",
7491
7882
  "required_fields": [
@@ -7507,6 +7898,7 @@
7507
7898
  "$ref": "#/components/schemas/logMetricsAggregationData"
7508
7899
  }
7509
7900
  },
7901
+ "x-f5xc-description-short": "X-displayName: \"Order by Data\" Order by data.",
7510
7902
  "x-f5xc-minimum-configuration": {
7511
7903
  "description": "Minimum configuration for logOrderByData",
7512
7904
  "required_fields": [
@@ -7529,6 +7921,7 @@
7529
7921
  "description": "X-displayName: \"Key\"\nx-example: 99.0.",
7530
7922
  "title": "Key",
7531
7923
  "format": "double",
7924
+ "x-f5xc-example": "[REDACTED_PUBLIC_KEY]",
7532
7925
  "x-f5xc-required-for": {
7533
7926
  "minimum_config": false,
7534
7927
  "create": false,
@@ -7538,7 +7931,7 @@
7538
7931
  "maxLength": 16,
7539
7932
  "minLength": 7,
7540
7933
  "x-reconciled-from-discovery": true,
7541
- "x-reconciled-at": "2026-01-05T18:28:44.310998+00:00"
7934
+ "x-reconciled-at": "2026-01-07T15:27:53.793530+00:00"
7542
7935
  },
7543
7936
  "value": {
7544
7937
  "type": "number",
@@ -7554,9 +7947,10 @@
7554
7947
  "maxLength": 15,
7555
7948
  "minLength": 3,
7556
7949
  "x-reconciled-from-discovery": true,
7557
- "x-reconciled-at": "2026-01-05T18:28:44.311002+00:00"
7950
+ "x-reconciled-at": "2026-01-07T15:27:53.793535+00:00"
7558
7951
  }
7559
7952
  },
7953
+ "x-f5xc-description-short": "X-displayName: \"Percentile Aggregation Data\" Percentile Aggregation data.",
7560
7954
  "x-f5xc-minimum-configuration": {
7561
7955
  "description": "Minimum configuration for logPercentileAggregationData",
7562
7956
  "required_fields": [
@@ -7580,6 +7974,7 @@
7580
7974
  "description": "X-displayName: \"Count\"\nx-example: 100\nCount of top hit values.",
7581
7975
  "title": "Count",
7582
7976
  "format": "uint64",
7977
+ "x-f5xc-example": "42",
7583
7978
  "minLength": 0,
7584
7979
  "maxLength": 1024,
7585
7980
  "x-f5xc-required-for": {
@@ -7596,6 +7991,7 @@
7596
7991
  "items": {
7597
7992
  "type": "string"
7598
7993
  },
7994
+ "x-f5xc-description-short": "X-displayName: \"Documents\" document values.",
7599
7995
  "x-f5xc-required-for": {
7600
7996
  "minimum_config": false,
7601
7997
  "create": false,
@@ -7604,6 +8000,7 @@
7604
8000
  }
7605
8001
  }
7606
8002
  },
8003
+ "x-f5xc-description-short": "X-displayName: \"TopHits Aggregation Data\" Top Hits Aggregation Data.",
7607
8004
  "x-f5xc-minimum-configuration": {
7608
8005
  "description": "Minimum configuration for logTopHitsAggregationData",
7609
8006
  "required_fields": [
@@ -7643,6 +8040,7 @@
7643
8040
  }
7644
8041
  }
7645
8042
  },
8043
+ "x-f5xc-description-short": "SecurityEventsCounter contains the timeseries data of security events counter.",
7646
8044
  "x-f5xc-minimum-configuration": {
7647
8045
  "description": "Minimum configuration for metricsSecurityEventsCounter",
7648
8046
  "required_fields": [
@@ -7670,6 +8068,7 @@
7670
8068
  "x-displayname": "Namespace",
7671
8069
  "x-ves-example": "Blogging-app-namespace-1.",
7672
8070
  "x-f5xc-example": "blogging-app-namespace-1",
8071
+ "x-f5xc-description-short": "Namespace for which the security event was generated.",
7673
8072
  "minLength": 0,
7674
8073
  "maxLength": 6,
7675
8074
  "x-f5xc-required-for": {
@@ -7680,11 +8079,11 @@
7680
8079
  },
7681
8080
  "x-original-maxLength": 1024,
7682
8081
  "x-reconciled-from-discovery": true,
7683
- "x-reconciled-at": "2026-01-05T18:28:44.311014+00:00"
8082
+ "x-reconciled-at": "2026-01-07T15:27:53.793546+00:00"
7684
8083
  },
7685
8084
  "sec_event_type": {
7686
8085
  "type": "string",
7687
- "description": "",
8086
+ "description": "Event or occurrence data",
7688
8087
  "title": "Security Event Type.",
7689
8088
  "x-displayname": "Security Event Type.",
7690
8089
  "x-ves-example": "WAF",
@@ -7700,7 +8099,7 @@
7700
8099
  },
7701
8100
  "src_instance": {
7702
8101
  "type": "string",
7703
- "description": "",
8102
+ "description": "Instance or deployment identifier",
7704
8103
  "title": "Source Instance.",
7705
8104
  "x-displayname": "Source Instance.",
7706
8105
  "x-ves-example": "IN",
@@ -7716,7 +8115,7 @@
7716
8115
  },
7717
8116
  "src_site": {
7718
8117
  "type": "string",
7719
- "description": "",
8118
+ "description": "Site or location identifier",
7720
8119
  "title": "Source Site.",
7721
8120
  "x-displayname": "Source Site.",
7722
8121
  "x-ves-example": "Greatblogs-CE.",
@@ -7732,7 +8131,7 @@
7732
8131
  },
7733
8132
  "vh_name": {
7734
8133
  "type": "string",
7735
- "description": "",
8134
+ "description": "Human-readable name for the resource",
7736
8135
  "title": "Virtual Host.",
7737
8136
  "x-displayname": "Virtual Host.",
7738
8137
  "x-ves-example": "Greatblogs-vhost.",
@@ -7747,6 +8146,8 @@
7747
8146
  }
7748
8147
  }
7749
8148
  },
8149
+ "x-f5xc-description-short": "SecurityEventsId uniquely identifies an entry in the response for security events metrics query.",
8150
+ "x-f5xc-description-medium": "SecurityEventsId uniquely identifies an entry in the response for security events metrics query. Security events counter is aggregated based on the MetricLabel specified in the group_by field in the request. Therefore, only the fields that corresponds to the MetricLabel in the group_by will have...",
7750
8151
  "x-f5xc-minimum-configuration": {
7751
8152
  "description": "Minimum configuration for metricsSecurityEventsId",
7752
8153
  "required_fields": [
@@ -7776,6 +8177,8 @@
7776
8177
  "default": "NAMESPACE",
7777
8178
  "x-displayname": "Security Events Metric Labels.",
7778
8179
  "x-ves-proto-enum": "ves.io.schema.app_security.metrics.SecurityMetricLabel",
8180
+ "x-f5xc-description-short": "Labels in the security events metrics. Security events metric can be sliced and diced based on one or more labels listed below.",
8181
+ "x-f5xc-description-medium": "Labels in the security events metrics. Security events metric can be sliced and diced based on one or more labels listed below.",
7779
8182
  "x-f5xc-minimum-configuration": {
7780
8183
  "description": "Minimum configuration for metricsSecurityMetricLabel",
7781
8184
  "required_fields": [],
@@ -7815,9 +8218,11 @@
7815
8218
  },
7816
8219
  "x-original-maxLength": 1024,
7817
8220
  "x-reconciled-from-discovery": true,
7818
- "x-reconciled-at": "2026-01-05T18:28:44.311027+00:00"
8221
+ "x-reconciled-at": "2026-01-07T15:27:53.793559+00:00"
7819
8222
  }
7820
8223
  },
8224
+ "x-f5xc-description-short": "Label based filtering for Security Events metrics. Security Events metrics are tagged with labels mentioned in MetricLabel.",
8225
+ "x-f5xc-description-medium": "Label based filtering for Security Events metrics. Security Events metrics are tagged with labels mentioned in MetricLabel. Metric label filter can be specified to query specific metrics based on label match.",
7821
8226
  "x-f5xc-minimum-configuration": {
7822
8227
  "description": "Minimum configuration for metricsSecurityMetricLabelFilter",
7823
8228
  "required_fields": [
@@ -7843,6 +8248,7 @@
7843
8248
  "default": "EQ",
7844
8249
  "x-displayname": "Security Events Metric Label Operator.",
7845
8250
  "x-ves-proto-enum": "ves.io.schema.app_security.metrics.SecurityMetricLabelOp",
8251
+ "x-f5xc-description-short": "The operator to use when querying Security Events metrics with labels.",
7846
8252
  "x-f5xc-minimum-configuration": {
7847
8253
  "description": "Minimum configuration for metricsSecurityMetricLabelOp",
7848
8254
  "required_fields": [],
@@ -7877,7 +8283,7 @@
7877
8283
  },
7878
8284
  "value": {
7879
8285
  "type": "string",
7880
- "description": "Value",
8286
+ "description": "Configuration parameter for value",
7881
8287
  "title": "Value",
7882
8288
  "x-displayname": "Value",
7883
8289
  "x-ves-example": "15",
@@ -7892,9 +8298,10 @@
7892
8298
  },
7893
8299
  "x-original-maxLength": 1024,
7894
8300
  "x-reconciled-from-discovery": true,
7895
- "x-reconciled-at": "2026-01-05T18:28:44.311055+00:00"
8301
+ "x-reconciled-at": "2026-01-07T15:27:53.793565+00:00"
7896
8302
  }
7897
8303
  },
8304
+ "x-f5xc-description-short": "Value returned for a Security Events Metrics query.",
7898
8305
  "x-f5xc-minimum-configuration": {
7899
8306
  "description": "Minimum configuration for metricsSecurityMetricValue",
7900
8307
  "required_fields": [
@@ -7932,6 +8339,8 @@
7932
8339
  "x-validation-rules": {
7933
8340
  "ves.io.schema.rules.string.max_len": "128"
7934
8341
  },
8342
+ "x-f5xc-description-short": "Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check.",
8343
+ "x-f5xc-description-medium": "Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*).",
7935
8344
  "minLength": 0,
7936
8345
  "x-f5xc-required-for": {
7937
8346
  "minimum_config": false,
@@ -7944,6 +8353,7 @@
7944
8353
  "$ref": "#/components/schemas/app_firewallAttackType"
7945
8354
  }
7946
8355
  },
8356
+ "x-f5xc-description-short": "App Firewall Attack Type context changes to be applied for this request.",
7947
8357
  "x-f5xc-minimum-configuration": {
7948
8358
  "description": "Minimum configuration for policyAppFirewallAttackTypeContext",
7949
8359
  "required_fields": [
@@ -7982,6 +8392,7 @@
7982
8392
  "ves.io.schema.rules.repeated.max_items": "64",
7983
8393
  "ves.io.schema.rules.repeated.unique": "true"
7984
8394
  },
8395
+ "x-f5xc-description-short": "Attack Types to be excluded for the defined match criteria.",
7985
8396
  "x-f5xc-required-for": {
7986
8397
  "minimum_config": false,
7987
8398
  "create": false,
@@ -8006,6 +8417,8 @@
8006
8417
  "ves.io.schema.rules.repeated.max_items": "64",
8007
8418
  "ves.io.schema.rules.repeated.unique": "true"
8008
8419
  },
8420
+ "x-f5xc-example": "example-resource",
8421
+ "x-f5xc-description-short": "Bot Names to be excluded for the defined match criteria.",
8009
8422
  "x-f5xc-required-for": {
8010
8423
  "minimum_config": false,
8011
8424
  "create": false,
@@ -8030,6 +8443,7 @@
8030
8443
  "ves.io.schema.rules.repeated.max_items": "1024",
8031
8444
  "ves.io.schema.rules.repeated.unique": "true"
8032
8445
  },
8446
+ "x-f5xc-description-short": "Signature IDs to be excluded for the defined match criteria.",
8033
8447
  "x-f5xc-required-for": {
8034
8448
  "minimum_config": false,
8035
8449
  "create": false,
@@ -8054,6 +8468,7 @@
8054
8468
  "ves.io.schema.rules.repeated.max_items": "64",
8055
8469
  "ves.io.schema.rules.repeated.unique": "true"
8056
8470
  },
8471
+ "x-f5xc-description-short": "Violations to be excluded for the defined match criteria.",
8057
8472
  "x-f5xc-required-for": {
8058
8473
  "minimum_config": false,
8059
8474
  "create": false,
@@ -8062,6 +8477,8 @@
8062
8477
  }
8063
8478
  }
8064
8479
  },
8480
+ "x-f5xc-description-short": "Define the list of Signature IDs, Violations, Attack Types and Bot Names that should be excluded from triggering on the defined match criteria.",
8481
+ "x-f5xc-description-medium": "Define the list of Signature IDs, Violations, Attack Types and Bot Names that should be excluded from triggering on the defined match criteria.",
8065
8482
  "x-f5xc-minimum-configuration": {
8066
8483
  "description": "Minimum configuration for policyAppFirewallDetectionControl",
8067
8484
  "required_fields": [
@@ -8101,6 +8518,8 @@
8101
8518
  "x-validation-rules": {
8102
8519
  "ves.io.schema.rules.string.max_len": "128"
8103
8520
  },
8521
+ "x-f5xc-description-short": "Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check.",
8522
+ "x-f5xc-description-medium": "Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*).",
8104
8523
  "minLength": 0,
8105
8524
  "x-f5xc-required-for": {
8106
8525
  "minimum_config": false,
@@ -8128,6 +8547,8 @@
8128
8547
  "ves.io.schema.rules.uint32.gte": "0",
8129
8548
  "ves.io.schema.rules.uint32.lte": "299999999"
8130
8549
  },
8550
+ "x-f5xc-description-short": "The allowed values for signature ID are 0 and in the range of 200000001-299999999. 0 implies that all signatures will be excluded for the...",
8551
+ "x-f5xc-description-medium": "The allowed values for signature ID are 0 and in the range of 200000001-299999999. 0 implies that all signatures will be excluded for the specified context. Required: YES.",
8131
8552
  "minimum": 0,
8132
8553
  "maximum": 2147483647,
8133
8554
  "x-f5xc-required-for": {
@@ -8139,6 +8560,7 @@
8139
8560
  "x-field-mutability": "read-only"
8140
8561
  }
8141
8562
  },
8563
+ "x-f5xc-description-short": "App Firewall signature context changes to be applied for this request.",
8142
8564
  "x-f5xc-minimum-configuration": {
8143
8565
  "description": "Minimum configuration for policyAppFirewallSignatureContext",
8144
8566
  "required_fields": [
@@ -8177,6 +8599,8 @@
8177
8599
  "x-validation-rules": {
8178
8600
  "ves.io.schema.rules.string.max_len": "128"
8179
8601
  },
8602
+ "x-f5xc-description-short": "Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check.",
8603
+ "x-f5xc-description-medium": "Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*).",
8180
8604
  "minLength": 0,
8181
8605
  "x-f5xc-required-for": {
8182
8606
  "minimum_config": false,
@@ -8189,6 +8613,7 @@
8189
8613
  "$ref": "#/components/schemas/app_firewallAppFirewallViolationType"
8190
8614
  }
8191
8615
  },
8616
+ "x-f5xc-description-short": "App Firewall violation context changes to be applied for this request.",
8192
8617
  "x-f5xc-minimum-configuration": {
8193
8618
  "description": "Minimum configuration for policyAppFirewallViolationContext",
8194
8619
  "required_fields": [
@@ -8236,6 +8661,8 @@
8236
8661
  "ves.io.schema.rules.repeated.min_items": "1",
8237
8662
  "ves.io.schema.rules.repeated.unique": "true"
8238
8663
  },
8664
+ "x-f5xc-description-short": "Unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy.",
8665
+ "x-f5xc-description-medium": "Unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy. It can be used to create the allow list only for DNS Load Balancer. Required: YES.",
8239
8666
  "x-f5xc-required-for": {
8240
8667
  "minimum_config": false,
8241
8668
  "create": false,
@@ -8244,6 +8671,8 @@
8244
8671
  }
8245
8672
  }
8246
8673
  },
8674
+ "x-f5xc-description-short": "Unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy.",
8675
+ "x-f5xc-description-medium": "Unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy. It can be used to create the allow list only for DNS Load Balancer.",
8247
8676
  "x-f5xc-minimum-configuration": {
8248
8677
  "description": "Minimum configuration for policyAsnMatchList",
8249
8678
  "required_fields": [
@@ -8281,6 +8710,7 @@
8281
8710
  "ves.io.schema.rules.message.required": "true",
8282
8711
  "ves.io.schema.rules.repeated.max_items": "4"
8283
8712
  },
8713
+ "x-f5xc-description-short": "List of references to bgp_asn_set objects. Required: YES.",
8284
8714
  "x-f5xc-required-for": {
8285
8715
  "minimum_config": false,
8286
8716
  "create": false,
@@ -8289,6 +8719,7 @@
8289
8719
  }
8290
8720
  }
8291
8721
  },
8722
+ "x-f5xc-description-short": "Match any AS number contained in the list of bgp_asn_sets.",
8292
8723
  "x-f5xc-minimum-configuration": {
8293
8724
  "description": "Minimum configuration for policyAsnMatcherType",
8294
8725
  "required_fields": [
@@ -8332,6 +8763,7 @@
8332
8763
  }
8333
8764
  }
8334
8765
  },
8766
+ "x-f5xc-description-short": "Specifies bot to be excluded by its name.",
8335
8767
  "x-f5xc-minimum-configuration": {
8336
8768
  "description": "Minimum configuration for policyBotNameContext",
8337
8769
  "required_fields": [
@@ -8449,6 +8881,7 @@
8449
8881
  "ves.io.schema.rules.message.required": "true",
8450
8882
  "ves.io.schema.rules.string.max_bytes": "256"
8451
8883
  },
8884
+ "x-f5xc-description-short": "Case-sensitive cookie name. Required: YES.",
8452
8885
  "minLength": 0,
8453
8886
  "x-f5xc-required-for": {
8454
8887
  "minimum_config": false,
@@ -8458,9 +8891,11 @@
8458
8891
  },
8459
8892
  "x-original-maxLength": 256,
8460
8893
  "x-reconciled-from-discovery": true,
8461
- "x-reconciled-at": "2026-01-05T18:28:44.311109+00:00"
8894
+ "x-reconciled-at": "2026-01-07T15:27:53.793609+00:00"
8462
8895
  }
8463
8896
  },
8897
+ "x-f5xc-description-short": "Cookie matcher specifies the name of a single cookie and the criteria to match it.",
8898
+ "x-f5xc-description-medium": "Cookie matcher specifies the name of a single cookie and the criteria to match it. The input has a list of values for each cookie in the request. A cookie matcher can check for one of the following: * Presence or absence of the cookie * At least one of the values for the cookie in the request...",
8464
8899
  "x-f5xc-minimum-configuration": {
8465
8900
  "description": "Minimum configuration for policyCookieMatcherType",
8466
8901
  "required_fields": [
@@ -8768,6 +9203,8 @@
8768
9203
  "default": "CONTEXT_ANY",
8769
9204
  "x-displayname": "WAF Exclusion Context OPTIONS.",
8770
9205
  "x-ves-proto-enum": "ves.io.schema.policy.DetectionContext",
9206
+ "x-f5xc-description-short": "The available contexts for Exclusion rules. - CONTEXT_ANY: CONTEXT_ANY Detection will be excluded for all contexts. - CONTEXT_BODY: CONTEXT_BODY...",
9207
+ "x-f5xc-description-medium": "The available contexts for Exclusion rules. - CONTEXT_ANY: CONTEXT_ANY Detection will be excluded for all contexts. - CONTEXT_BODY: CONTEXT_BODY Detection will be excluded for the request body. - CONTEXT_REQUEST: CONTEXT_REQUEST Detection will be excluded for the request. - CONTEXT_RESPONSE...",
8771
9208
  "x-f5xc-minimum-configuration": {
8772
9209
  "description": "Minimum configuration for policyDetectionContext",
8773
9210
  "required_fields": [],
@@ -8819,6 +9256,7 @@
8819
9256
  "ves.io.schema.rules.repeated.max_items": "16",
8820
9257
  "ves.io.schema.rules.repeated.unique": "true"
8821
9258
  },
9259
+ "x-f5xc-description-short": "List of methods values to match against.",
8822
9260
  "x-f5xc-required-for": {
8823
9261
  "minimum_config": false,
8824
9262
  "create": false,
@@ -8827,6 +9265,8 @@
8827
9265
  }
8828
9266
  }
8829
9267
  },
9268
+ "x-f5xc-description-short": "HTTP method matcher specifies a list of methods to match an input HTTP method.",
9269
+ "x-f5xc-description-medium": "HTTP method matcher specifies a list of methods to match an input HTTP method. The match is considered successful if the input method is a member of the list. The result of the match based on the method list is inverted if invert_matcher is true.",
8830
9270
  "x-f5xc-minimum-configuration": {
8831
9271
  "description": "Minimum configuration for policyHttpMethodMatcherType",
8832
9272
  "required_fields": [
@@ -8861,6 +9301,8 @@
8861
9301
  "default": "SPAM_SOURCES",
8862
9302
  "x-displayname": "IP Threat Category.",
8863
9303
  "x-ves-proto-enum": "ves.io.schema.policy.IPThreatCategory",
9304
+ "x-f5xc-description-short": "The IP threat categories to use when a policy based IP threat category is configured. - SPAM_SOURCES: SPAM_SOURCES - WINDOWS_EXPLOITS...",
9305
+ "x-f5xc-description-medium": "The IP threat categories to use when a policy based IP threat category is configured. - SPAM_SOURCES: SPAM_SOURCES - WINDOWS_EXPLOITS: WINDOWS_EXPLOITS - WEB_ATTACKS: WEB_ATTACKS - BOTNETS: BOTNETS - SCANNERS: SCANNERS - REPUTATION: REPUTATION - PHISHING: PHISHING - PROXY: PROXY ...",
8864
9306
  "x-f5xc-minimum-configuration": {
8865
9307
  "description": "Minimum configuration for policyIPThreatCategory",
8866
9308
  "required_fields": [],
@@ -8909,6 +9351,7 @@
8909
9351
  "ves.io.schema.rules.message.required": "true",
8910
9352
  "ves.io.schema.rules.repeated.max_items": "4"
8911
9353
  },
9354
+ "x-f5xc-description-short": "List of references to ip_prefix_set objects. Required: YES.",
8912
9355
  "x-f5xc-required-for": {
8913
9356
  "minimum_config": false,
8914
9357
  "create": false,
@@ -8917,6 +9360,8 @@
8917
9360
  }
8918
9361
  }
8919
9362
  },
9363
+ "x-f5xc-description-short": "Match any IP prefix contained in the list of ip_prefix_sets. The result of the match is inverted if invert_matcher is true.",
9364
+ "x-f5xc-description-medium": "Match any IP prefix contained in the list of ip_prefix_sets. The result of the match is inverted if invert_matcher is true.",
8920
9365
  "x-f5xc-minimum-configuration": {
8921
9366
  "description": "Minimum configuration for policyIpMatcherType",
8922
9367
  "required_fields": [
@@ -8956,6 +9401,7 @@
8956
9401
  "ves.io.schema.rules.repeated.max_items": "16",
8957
9402
  "ves.io.schema.rules.repeated.unique": "true"
8958
9403
  },
9404
+ "x-f5xc-description-short": "List of exact JA4 TLS fingerprint to match the input JA4 TLS fingerprint against.",
8959
9405
  "x-f5xc-required-for": {
8960
9406
  "minimum_config": false,
8961
9407
  "create": false,
@@ -8964,6 +9410,8 @@
8964
9410
  }
8965
9411
  }
8966
9412
  },
9413
+ "x-f5xc-description-short": "Extended version of JA3 that includes additional fields for more comprehensive fingerprinting of SSL/TLS clients and potentially has a different...",
9414
+ "x-f5xc-description-medium": "Extended version of JA3 that includes additional fields for more comprehensive fingerprinting of SSL/TLS clients and potentially has a different structure and length.",
8967
9415
  "x-f5xc-minimum-configuration": {
8968
9416
  "description": "Minimum configuration for policyJA4TlsFingerprintMatcherType",
8969
9417
  "required_fields": [
@@ -9033,9 +9481,11 @@
9033
9481
  },
9034
9482
  "x-original-maxLength": 256,
9035
9483
  "x-reconciled-from-discovery": true,
9036
- "x-reconciled-at": "2026-01-05T18:28:44.311128+00:00"
9484
+ "x-reconciled-at": "2026-01-07T15:27:53.793627+00:00"
9037
9485
  }
9038
9486
  },
9487
+ "x-f5xc-description-short": "JWT claim matcher specifies the name of a single JWT claim and the criteria for the input request to match it.",
9488
+ "x-f5xc-description-medium": "JWT claim matcher specifies the name of a single JWT claim and the criteria for the input request to match it. The input has a list of actual values for each JWT claim name in the JWT payload. A JWT claim matcher can check for one of the following: * Presence or absence of the JWT Claim in the...",
9039
9489
  "x-f5xc-minimum-configuration": {
9040
9490
  "description": "Minimum configuration for policyJWTClaimMatcherType",
9041
9491
  "required_fields": [
@@ -9075,6 +9525,8 @@
9075
9525
  "default": "TLS_FINGERPRINT_NONE",
9076
9526
  "x-displayname": "TLS known fingerprint class.",
9077
9527
  "x-ves-proto-enum": "ves.io.schema.policy.KnownTlsFingerprintClass",
9528
+ "x-f5xc-description-short": "Specifies known TLS fingerprint classes - TLS_FINGERPRINT_NONE: TLS_FINGERPRINT_NONE No TLS fingerprint - ANY_MALICIOUS_FINGERPRINT...",
9529
+ "x-f5xc-description-medium": "Specifies known TLS fingerprint classes - TLS_FINGERPRINT_NONE: TLS_FINGERPRINT_NONE No TLS fingerprint - ANY_MALICIOUS_FINGERPRINT: ANY_MALICIOUS_FINGERPRINT TLS fingerprints known to be associated with malicious clients - ADWARE: ADWARE TLS fingerprints known to be associated with adware ...",
9078
9530
  "x-f5xc-minimum-configuration": {
9079
9531
  "description": "Minimum configuration for policyKnownTlsFingerprintClass",
9080
9532
  "required_fields": [],
@@ -9116,6 +9568,7 @@
9116
9568
  "ves.io.schema.rules.repeated.max_items": "64",
9117
9569
  "ves.io.schema.rules.repeated.unique": "true"
9118
9570
  },
9571
+ "x-f5xc-description-short": "List of exact values to match the input against.",
9119
9572
  "x-f5xc-required-for": {
9120
9573
  "minimum_config": false,
9121
9574
  "create": false,
@@ -9149,6 +9602,7 @@
9149
9602
  "ves.io.schema.rules.repeated.max_items": "16",
9150
9603
  "ves.io.schema.rules.repeated.unique": "true"
9151
9604
  },
9605
+ "x-f5xc-description-short": "List of regular expressions to match the input against.",
9152
9606
  "x-f5xc-required-for": {
9153
9607
  "minimum_config": false,
9154
9608
  "create": false,
@@ -9174,6 +9628,7 @@
9174
9628
  "ves.io.schema.rules.repeated.max_items": "9",
9175
9629
  "ves.io.schema.rules.repeated.unique": "true"
9176
9630
  },
9631
+ "x-f5xc-description-short": "Ordered list of transformers (starting from index 0) to be applied to the path before matching.",
9177
9632
  "x-f5xc-required-for": {
9178
9633
  "minimum_config": false,
9179
9634
  "create": false,
@@ -9182,6 +9637,8 @@
9182
9637
  }
9183
9638
  }
9184
9639
  },
9640
+ "x-f5xc-description-short": "Matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied.",
9641
+ "x-f5xc-description-medium": "Matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions.",
9185
9642
  "x-f5xc-minimum-configuration": {
9186
9643
  "description": "Minimum configuration for policyMatcherType",
9187
9644
  "required_fields": [
@@ -9247,6 +9704,7 @@
9247
9704
  }
9248
9705
  }
9249
9706
  },
9707
+ "x-f5xc-description-short": "List of IP Prefix strings to match against.",
9250
9708
  "x-f5xc-minimum-configuration": {
9251
9709
  "description": "Minimum configuration for policyPrefixMatchList",
9252
9710
  "required_fields": [
@@ -9282,6 +9740,8 @@
9282
9740
  "x-validation-rules": {
9283
9741
  "ves.io.schema.rules.repeated.max_items": "16"
9284
9742
  },
9743
+ "x-f5xc-description-short": "List of predicates for all cookies that need to be matched.",
9744
+ "x-f5xc-description-medium": "List of predicates for all cookies that need to be matched. The criteria for matching each cookie is described in individual instances of CookieMatcherType. The actual cookie values are extracted from the request API as a list of strings for each cookie name.",
9285
9745
  "x-f5xc-required-for": {
9286
9746
  "minimum_config": false,
9287
9747
  "create": false,
@@ -9304,6 +9764,9 @@
9304
9764
  "x-validation-rules": {
9305
9765
  "ves.io.schema.rules.repeated.max_items": "16"
9306
9766
  },
9767
+ "x-f5xc-example": "{\"key\": \"value\"}",
9768
+ "x-f5xc-description-short": "List of predicates for various HTTP headers that need to match.",
9769
+ "x-f5xc-description-medium": "List of predicates for various HTTP headers that need to match. The criteria for matching each HTTP header are described in individual HeaderMatcherType instances. The actual HTTP header values are extracted from the request API as a list of strings for each HTTP header type.",
9307
9770
  "x-f5xc-required-for": {
9308
9771
  "minimum_config": false,
9309
9772
  "create": false,
@@ -9326,6 +9789,8 @@
9326
9789
  "x-validation-rules": {
9327
9790
  "ves.io.schema.rules.repeated.max_items": "16"
9328
9791
  },
9792
+ "x-f5xc-description-short": "List of predicates for various JWT claims that need to match.",
9793
+ "x-f5xc-description-medium": "List of predicates for various JWT claims that need to match. The criteria for matching each JWT claim are described in individual JWTClaimMatcherType instances. The actual JWT claims values are extracted from the JWT payload as a list of strings.",
9329
9794
  "x-f5xc-required-for": {
9330
9795
  "minimum_config": false,
9331
9796
  "create": false,
@@ -9348,6 +9813,8 @@
9348
9813
  "x-validation-rules": {
9349
9814
  "ves.io.schema.rules.repeated.max_items": "16"
9350
9815
  },
9816
+ "x-f5xc-description-short": "List of predicates for all query parameters that need to be matched.",
9817
+ "x-f5xc-description-medium": "List of predicates for all query parameters that need to be matched. The criteria for matching each query parameter are described in individual instances of QueryParameterMatcherType. The actual query parameter values are extracted from the request API as a list of strings for each query...",
9351
9818
  "x-f5xc-required-for": {
9352
9819
  "minimum_config": false,
9353
9820
  "create": false,
@@ -9410,6 +9877,7 @@
9410
9877
  "ves.io.schema.rules.string.max_len": "256",
9411
9878
  "ves.io.schema.rules.string.min_len": "1"
9412
9879
  },
9880
+ "x-f5xc-description-short": "Exclusive with [any_domain suffix_value] Exact domain name.",
9413
9881
  "x-f5xc-required-for": {
9414
9882
  "minimum_config": false,
9415
9883
  "create": false,
@@ -9425,6 +9893,8 @@
9425
9893
  "x-displayname": "Expiration Timestamp.",
9426
9894
  "x-ves-example": "2019-12-31:44:34.171543432Z.",
9427
9895
  "x-f5xc-example": "2019-12-31:44:34.171543432Z",
9896
+ "x-f5xc-description-short": "Specifies expiration_timestamp the RFC 3339 format timestamp at which the containing rule is considered to be logically expired.",
9897
+ "x-f5xc-description-medium": "Specifies expiration_timestamp the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in the configuration but is not applied anymore.",
9428
9898
  "minLength": 0,
9429
9899
  "maxLength": 1024,
9430
9900
  "x-f5xc-required-for": {
@@ -9481,6 +9951,8 @@
9481
9951
  "ves.io.schema.rules.string.http_path": "true",
9482
9952
  "ves.io.schema.rules.string.max_len": "256"
9483
9953
  },
9954
+ "x-f5xc-description-short": "Exclusive with [any_path path_regex] Path prefix to match (e.g. The value / will match on all paths)",
9955
+ "x-f5xc-description-medium": "Exclusive with [any_path path_regex] Path prefix to match (e.g. The value / will match on all paths).",
9484
9956
  "minLength": 0,
9485
9957
  "x-f5xc-required-for": {
9486
9958
  "minimum_config": false,
@@ -9505,6 +9977,8 @@
9505
9977
  "ves.io.schema.rules.string.max_bytes": "256",
9506
9978
  "ves.io.schema.rules.string.regex": "true"
9507
9979
  },
9980
+ "x-f5xc-description-short": "Exclusive with [any_path path_prefix] Define the regex for the path. For example, the regex ^/.*$ will match on all paths.",
9981
+ "x-f5xc-description-medium": "Exclusive with [any_path path_prefix] Define the regex for the path. For example, the regex ^/.*$ will match on all paths.",
9508
9982
  "minLength": 0,
9509
9983
  "x-f5xc-required-for": {
9510
9984
  "minimum_config": false,
@@ -9532,6 +10006,8 @@
9532
10006
  "ves.io.schema.rules.string.max_len": "256",
9533
10007
  "ves.io.schema.rules.string.min_len": "1"
9534
10008
  },
10009
+ "x-f5xc-description-short": "Exclusive with [any_domain exact_value] Suffix of domain name e.g \"xyz.com\" will match \"*.xyz.com\" and \"xyz.com\".",
10010
+ "x-f5xc-description-medium": "Exclusive with [any_domain exact_value] Suffix of domain name e.g \"xyz.com\" will match \"*.xyz.com\" and \"xyz.com\".",
9535
10011
  "x-f5xc-required-for": {
9536
10012
  "minimum_config": false,
9537
10013
  "create": false,
@@ -9543,6 +10019,8 @@
9543
10019
  "$ref": "#/components/schemas/schemaEmpty"
9544
10020
  }
9545
10021
  },
10022
+ "x-f5xc-description-short": "Simple WAF exclusion rule specifies a simple set of match conditions to be matched to skip a list of WAF detections.",
10023
+ "x-f5xc-description-medium": "Simple WAF exclusion rule specifies a simple set of match conditions to be matched to skip a list of WAF detections.",
9546
10024
  "x-f5xc-minimum-configuration": {
9547
10025
  "description": "Minimum configuration for policySimpleWafExclusionRule",
9548
10026
  "required_fields": [
@@ -9590,6 +10068,7 @@
9590
10068
  "ves.io.schema.rules.repeated.max_items": "16",
9591
10069
  "ves.io.schema.rules.repeated.unique": "true"
9592
10070
  },
10071
+ "x-f5xc-description-short": "List of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against.",
9593
10072
  "x-f5xc-required-for": {
9594
10073
  "minimum_config": false,
9595
10074
  "create": false,
@@ -9618,6 +10097,7 @@
9618
10097
  "ves.io.schema.rules.repeated.max_items": "16",
9619
10098
  "ves.io.schema.rules.repeated.unique": "true"
9620
10099
  },
10100
+ "x-f5xc-description-short": "List of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against.",
9621
10101
  "x-f5xc-required-for": {
9622
10102
  "minimum_config": false,
9623
10103
  "create": false,
@@ -9646,6 +10126,8 @@
9646
10126
  "ves.io.schema.rules.repeated.max_items": "32",
9647
10127
  "ves.io.schema.rules.repeated.unique": "true"
9648
10128
  },
10129
+ "x-f5xc-description-short": "List of TLS JA3 fingerprints to be excluded when matching the input TLS JA3 fingerprint.",
10130
+ "x-f5xc-description-medium": "List of TLS JA3 fingerprints to be excluded when matching the input TLS JA3 fingerprint. This can be used to skip known false positives when using one or more known TLS fingerprint classes in the enclosing matcher.",
9649
10131
  "x-f5xc-required-for": {
9650
10132
  "minimum_config": false,
9651
10133
  "create": false,
@@ -9654,6 +10136,8 @@
9654
10136
  }
9655
10137
  }
9656
10138
  },
10139
+ "x-f5xc-description-short": "TLS fingerprint matcher specifies multiple criteria for matching a TLS fingerprint.",
10140
+ "x-f5xc-description-medium": "TLS fingerprint matcher specifies multiple criteria for matching a TLS fingerprint. The set of supported positve match criteria includes a list of known classes of TLS fingerprints and a list of exact values. The match is considered successful if either of these positive criteria are satisfied...",
9657
10141
  "x-f5xc-minimum-configuration": {
9658
10142
  "description": "Minimum configuration for policyTlsFingerprintMatcherType",
9659
10143
  "required_fields": [
@@ -9686,6 +10170,8 @@
9686
10170
  "default": "TRANSFORMER_NONE",
9687
10171
  "x-displayname": "Transformer.",
9688
10172
  "x-ves-proto-enum": "ves.io.schema.policy.Transformer",
10173
+ "x-f5xc-description-short": "Transformers to be applied on the part of the request before matching. - TRANSFORMER_NONE: transformer none No transformers enabled - LOWER_CASE...",
10174
+ "x-f5xc-description-medium": "Transformers to be applied on the part of the request before matching. - TRANSFORMER_NONE: transformer none No transformers enabled - LOWER_CASE: lower case Convert string to lower case - UPPER_CASE: upper case Convert string to upper case - BASE64_DECODE: base64 decode Decode string assuming...",
9689
10175
  "x-f5xc-minimum-configuration": {
9690
10176
  "description": "Minimum configuration for policyTransformer",
9691
10177
  "required_fields": [],
@@ -9708,6 +10194,8 @@
9708
10194
  "default": "SECOND",
9709
10195
  "x-displayname": "Rate Limit Period Unit.",
9710
10196
  "x-ves-proto-enum": "ves.io.schema.rate_limiter.RateLimitPeriodUnit",
10197
+ "x-f5xc-description-short": "Unit for the period per which the rate limit is applied. - SECOND: Second Rate limit period unit is seconds - MINUTE: Minute Rate limit period...",
10198
+ "x-f5xc-description-medium": "Unit for the period per which the rate limit is applied. - SECOND: Second Rate limit period unit is seconds - MINUTE: Minute Rate limit period unit is minutes - HOUR: Hour Rate limit period unit is hours - DAY: Day Rate limit period unit is days.",
9711
10199
  "x-f5xc-minimum-configuration": {
9712
10200
  "description": "Minimum configuration for rate_limiterRateLimitPeriodUnit",
9713
10201
  "required_fields": [],
@@ -9724,6 +10212,7 @@
9724
10212
  "title": "Empty",
9725
10213
  "x-displayname": "Empty",
9726
10214
  "x-ves-proto-message": "ves.io.schema.Empty",
10215
+ "x-f5xc-description-short": "Can be used for messages where no values are needed.",
9727
10216
  "x-f5xc-minimum-configuration": {
9728
10217
  "description": "Minimum configuration for schemaEmpty",
9729
10218
  "required_fields": [],
@@ -9754,6 +10243,7 @@
9754
10243
  "default": "ANY",
9755
10244
  "x-displayname": "HTTP Method.",
9756
10245
  "x-ves-proto-enum": "ves.io.schema.HttpMethod",
10246
+ "x-f5xc-description-short": "Specifies the HTTP method used to access a resource. Any HTTP Method.",
9757
10247
  "x-f5xc-minimum-configuration": {
9758
10248
  "description": "Minimum configuration for schemaHttpMethod",
9759
10249
  "required_fields": [],
@@ -9799,6 +10289,7 @@
9799
10289
  "ves.io.schema.rules.repeated.items.string.min_len": "1",
9800
10290
  "ves.io.schema.rules.repeated.max_items": "1"
9801
10291
  },
10292
+ "x-f5xc-description-short": "Expressions contains the Kubernetes style label expression for selections. Required: YES.",
9802
10293
  "x-f5xc-required-for": {
9803
10294
  "minimum_config": false,
9804
10295
  "create": false,
@@ -9807,6 +10298,8 @@
9807
10298
  }
9808
10299
  }
9809
10300
  },
10301
+ "x-f5xc-description-short": "Type can be used to establish a 'selector reference' from one object(called selector) to a set of other objects(called selectees) based on the...",
10302
+ "x-f5xc-description-medium": "Type can be used to establish a 'selector reference' from one object(called selector) to a set of other objects(called selectees) based on the value of expresssions. A label selector is a label query over a set of resources. An empty label selector matches all objects.",
9810
10303
  "x-f5xc-minimum-configuration": {
9811
10304
  "description": "Minimum configuration for schemaLabelSelectorType",
9812
10305
  "required_fields": [
@@ -9849,7 +10342,7 @@
9849
10342
  },
9850
10343
  "x-original-maxLength": 256,
9851
10344
  "x-reconciled-from-discovery": true,
9852
- "x-reconciled-at": "2026-01-05T18:28:44.311170+00:00"
10345
+ "x-reconciled-at": "2026-01-07T15:27:53.793668+00:00"
9853
10346
  },
9854
10347
  "name": {
9855
10348
  "type": "string",
@@ -9870,6 +10363,7 @@
9870
10363
  "ves.io.schema.rules.string.min_len": "1",
9871
10364
  "ves.io.schema.rules.string.ves_object_name": "true"
9872
10365
  },
10366
+ "x-f5xc-description-short": "Name of the message. The value of name has to follow DNS-1035 format.",
9873
10367
  "maxLength": 16,
9874
10368
  "x-f5xc-required-for": {
9875
10369
  "minimum_config": false,
@@ -9879,9 +10373,11 @@
9879
10373
  },
9880
10374
  "x-original-maxLength": 1024,
9881
10375
  "x-reconciled-from-discovery": true,
9882
- "x-reconciled-at": "2026-01-05T18:28:44.311174+00:00"
10376
+ "x-reconciled-at": "2026-01-07T15:27:53.793673+00:00"
9883
10377
  }
9884
10378
  },
10379
+ "x-f5xc-description-short": "MessageMetaType is metadata (common attributes) of a message that only certain messages have.",
10380
+ "x-f5xc-description-medium": "MessageMetaType is metadata (common attributes) of a message that only certain messages have. This information is propagated to the metadata of a child object that gets created from the containing message during view processing. The information in this type can be specified by user during create...",
9885
10381
  "x-f5xc-minimum-configuration": {
9886
10382
  "description": "Minimum configuration for schemaMessageMetaType",
9887
10383
  "required_fields": [
@@ -9912,6 +10408,8 @@
9912
10408
  "default": "PROPERTY_QUERY_PARAMETERS",
9913
10409
  "x-displayname": "OpenAPI Validation Properties.",
9914
10410
  "x-ves-proto-enum": "ves.io.schema.OpenApiValidationProperties",
10411
+ "x-f5xc-description-short": "List of required properties to validate against the OpenAPI spec Validate that all query parameters are according to the OpenAPI specification...",
10412
+ "x-f5xc-description-medium": "List of required properties to validate against the OpenAPI spec Validate that all query parameters are according to the OpenAPI specification Validate that all path parameters are according to the OpenAPI specification Validate that the content type of the request is according to the OpenAPI...",
9915
10413
  "x-f5xc-minimum-configuration": {
9916
10414
  "description": "Minimum configuration for schemaOpenApiValidationProperties",
9917
10415
  "required_fields": [],
@@ -9933,6 +10431,7 @@
9933
10431
  "default": "DESCENDING",
9934
10432
  "x-displayname": "Sort Order.",
9935
10433
  "x-ves-proto-enum": "ves.io.schema.SortOrder",
10434
+ "x-f5xc-description-short": "Sort algorithm Sort in descending order Sort in ascending order.",
9936
10435
  "x-f5xc-minimum-configuration": {
9937
10436
  "description": "Minimum configuration for schemaSortOrder",
9938
10437
  "required_fields": [],
@@ -9953,6 +10452,8 @@
9953
10452
  "TREND_SENTIMENT_NEGATIVE"
9954
10453
  ],
9955
10454
  "default": "TREND_SENTIMENT_NONE",
10455
+ "x-f5xc-description-short": "X-displayName: \"Trend Sentiment\" trend sentiment - TREND_SENTIMENT_NONE: x-displayName: \"None\" - TREND_SENTIMENT_POSITIVE: x-displayName...",
10456
+ "x-f5xc-description-medium": "X-displayName: \"Trend Sentiment\" trend sentiment - TREND_SENTIMENT_NONE: x-displayName: \"None\" - TREND_SENTIMENT_POSITIVE: x-displayName: \"Positive\" Indicates trend sentiment is positive - TREND_SENTIMENT_NEGATIVE: x-displayName: \"Negative\" Indicates trend sentiment is negative.",
9956
10457
  "x-f5xc-minimum-configuration": {
9957
10458
  "description": "Minimum configuration for schemaTrendSentiment",
9958
10459
  "required_fields": [],
@@ -9973,6 +10474,7 @@
9973
10474
  "description": "X-displayName: \"Description\"\ndescription of the method used to calculate trend.",
9974
10475
  "title": "Description.",
9975
10476
  "x-f5xc-example": "Trend was calculated by comparing the avg of window size intervals of end-start Time and last window time interval",
10477
+ "x-f5xc-description-short": "X-displayName: \"Description\" description of the method used to calculate trend.",
9976
10478
  "minLength": 0,
9977
10479
  "maxLength": 0,
9978
10480
  "x-f5xc-required-for": {
@@ -9983,7 +10485,7 @@
9983
10485
  },
9984
10486
  "x-original-maxLength": 1024,
9985
10487
  "x-reconciled-from-discovery": true,
9986
- "x-reconciled-at": "2026-01-05T18:28:44.311180+00:00"
10488
+ "x-reconciled-at": "2026-01-07T15:27:53.793679+00:00"
9987
10489
  },
9988
10490
  "previous_value": {
9989
10491
  "type": "string",
@@ -10017,9 +10519,11 @@
10017
10519
  },
10018
10520
  "x-original-maxLength": 1024,
10019
10521
  "x-reconciled-from-discovery": true,
10020
- "x-reconciled-at": "2026-01-05T18:28:44.311187+00:00"
10522
+ "x-reconciled-at": "2026-01-07T15:27:53.793686+00:00"
10021
10523
  }
10022
10524
  },
10525
+ "x-f5xc-description-short": "X-displayName: \"Trend Value\" Trend value contains trend value, trend sentiment and trend calculation description and window size.",
10526
+ "x-f5xc-description-medium": "X-displayName: \"Trend Value\" Trend value contains trend value, trend sentiment and trend calculation description and window size.",
10023
10527
  "x-f5xc-minimum-configuration": {
10024
10528
  "description": "Minimum configuration for schemaTrendValue",
10025
10529
  "required_fields": [
@@ -10054,6 +10558,8 @@
10054
10558
  "description": "Trend value computation requested for the field present in aggregation.\n\nX-displayName: \"Trend calculation requested by the user\"\nTrend value computation requested by the user\nOptional: default is false.",
10055
10559
  "format": "boolean",
10056
10560
  "x-f5xc-example": "true",
10561
+ "x-f5xc-description-short": "Trend value computation requested for the field present in aggregation.",
10562
+ "x-f5xc-description-medium": "Trend value computation requested for the field present in aggregation. X-displayName: \"Trend calculation requested by the user\" Trend value computation requested by the user Optional: default is false.",
10057
10563
  "x-f5xc-required-for": {
10058
10564
  "minimum_config": false,
10059
10565
  "create": false,
@@ -10068,6 +10574,8 @@
10068
10574
  "$ref": "#/components/schemas/schemaapp_securityMultiFieldAggregation"
10069
10575
  }
10070
10576
  },
10577
+ "x-f5xc-description-short": "X-displayName: \"Aggregation Request\" Aggregation request to provide analytics data over the security events.",
10578
+ "x-f5xc-description-medium": "X-displayName: \"Aggregation Request\" Aggregation request to provide analytics data over the security events.",
10071
10579
  "x-f5xc-minimum-configuration": {
10072
10580
  "description": "Minimum configuration for schemaapp_securityAggregationRequest",
10073
10581
  "required_fields": [
@@ -10094,6 +10602,8 @@
10094
10602
  "$ref": "#/components/schemas/schemaapp_securityKeyField"
10095
10603
  }
10096
10604
  },
10605
+ "x-f5xc-description-short": "X-displayName: \"Cardinality Aggregation\" GET approximate count of distinct values for the field in the security event.",
10606
+ "x-f5xc-description-medium": "X-displayName: \"Cardinality Aggregation\" GET approximate count of distinct values for the field in the security event.",
10097
10607
  "x-f5xc-minimum-configuration": {
10098
10608
  "description": "Minimum configuration for schemaapp_securityCardinalityAggregation",
10099
10609
  "required_fields": [
@@ -10116,6 +10626,8 @@
10116
10626
  "description": "X-displayName: \"Step\"\nx-required\nstep is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response.\nThe timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.\nFormat: [0-9][smhd], where s - seconds, m - minutes, h - hours, d - days.",
10117
10627
  "title": "Step",
10118
10628
  "x-f5xc-example": "5m",
10629
+ "x-f5xc-description-short": "X-displayName: \"Step\" x-required step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in...",
10630
+ "x-f5xc-description-medium": "X-displayName: \"Step\" x-required step is the resolution width, which determines the number of the data points [x-axis (time)] to be returned in the response. The timestamps in the response will be t1=start_time, t2=t1+step, ... Tn=tn-1+step, where tn <= end_time.",
10119
10631
  "minLength": 0,
10120
10632
  "maxLength": 1024,
10121
10633
  "x-f5xc-required-for": {
@@ -10129,6 +10641,7 @@
10129
10641
  "type": "object",
10130
10642
  "description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each date bucket.",
10131
10643
  "title": "Sub aggregation.",
10644
+ "x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each date bucket.",
10132
10645
  "x-f5xc-required-for": {
10133
10646
  "minimum_config": false,
10134
10647
  "create": false,
@@ -10137,6 +10650,8 @@
10137
10650
  }
10138
10651
  }
10139
10652
  },
10653
+ "x-f5xc-description-short": "X-displayName: \"Date Aggregation\" Aggregate security events based on timestamp in the security event.",
10654
+ "x-f5xc-description-medium": "X-displayName: \"Date Aggregation\" Aggregate security events based on timestamp in the security event.",
10140
10655
  "x-f5xc-minimum-configuration": {
10141
10656
  "description": "Minimum configuration for schemaapp_securityDateAggregation",
10142
10657
  "required_fields": [
@@ -10162,6 +10677,8 @@
10162
10677
  "$ref": "#/components/schemas/schemaapp_securityMultiFieldAggregation"
10163
10678
  }
10164
10679
  },
10680
+ "x-f5xc-description-short": "X-displayName: \"Date SubAggregation\" Aggregate security events based on one of the sub aggregation types.",
10681
+ "x-f5xc-description-medium": "X-displayName: \"Date SubAggregation\" Aggregate security events based on one of the sub aggregation types.",
10165
10682
  "x-f5xc-minimum-configuration": {
10166
10683
  "description": "Minimum configuration for schemaapp_securityDateSubAggregation",
10167
10684
  "required_fields": [
@@ -10190,6 +10707,8 @@
10190
10707
  "type": "object",
10191
10708
  "description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each field aggregation bucket.",
10192
10709
  "title": "Sub aggregation.",
10710
+ "x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
10711
+ "x-f5xc-description-medium": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
10193
10712
  "x-f5xc-required-for": {
10194
10713
  "minimum_config": false,
10195
10714
  "create": false,
@@ -10203,6 +10722,7 @@
10203
10722
  "title": "Topk",
10204
10723
  "format": "int64",
10205
10724
  "x-f5xc-example": "10",
10725
+ "x-f5xc-description-short": "X-displayName: \"TopK\" Number of top field values to be returned in the response.",
10206
10726
  "minimum": 0,
10207
10727
  "maximum": 2147483647,
10208
10728
  "x-f5xc-required-for": {
@@ -10213,6 +10733,8 @@
10213
10733
  }
10214
10734
  }
10215
10735
  },
10736
+ "x-f5xc-description-short": "X-displayName: \"Field Aggregation\" Aggregate security events based on the key fields in the security event.",
10737
+ "x-f5xc-description-medium": "X-displayName: \"Field Aggregation\" Aggregate security events based on the key fields in the security event.",
10216
10738
  "x-f5xc-minimum-configuration": {
10217
10739
  "description": "Minimum configuration for schemaapp_securityFieldAggregation",
10218
10740
  "required_fields": [
@@ -10237,6 +10759,8 @@
10237
10759
  "$ref": "#/components/schemas/schemaapp_securityCardinalityAggregation"
10238
10760
  }
10239
10761
  },
10762
+ "x-f5xc-description-short": "X-displayName: \"Field SubAggregation\" Aggregate security events in each field bucket based on one of the sub aggregation types.",
10763
+ "x-f5xc-description-medium": "X-displayName: \"Field SubAggregation\" Aggregate security events in each field bucket based on one of the sub aggregation types.",
10240
10764
  "x-f5xc-minimum-configuration": {
10241
10765
  "description": "Minimum configuration for schemaapp_securityFieldSubAggregation",
10242
10766
  "required_fields": [
@@ -10317,6 +10841,8 @@
10317
10841
  "MALWARE_RECOMMENDED_ACTION"
10318
10842
  ],
10319
10843
  "default": "CITY",
10844
+ "x-f5xc-description-short": "X-displayName: \"Key Field\" Security events can be aggregated based on these fields. - CITY: x-displayName: \"City\" - COUNTRY: x-displayName...",
10845
+ "x-f5xc-description-medium": "X-displayName: \"Key Field\" Security events can be aggregated based on these fields. - CITY: x-displayName: \"City\" - COUNTRY: x-displayName: \"Country\" - SEC_EVENT_TYPE: x-displayName: \"Security Event Type\" - SRC_SITE: x-displayName: \"Source Site\" - VH_NAME: x-displayName: \"Virtual Host Name\" ...",
10320
10846
  "x-f5xc-minimum-configuration": {
10321
10847
  "description": "Minimum configuration for schemaapp_securityKeyField",
10322
10848
  "required_fields": [],
@@ -10335,6 +10861,8 @@
10335
10861
  "SUSPICION_SCORE"
10336
10862
  ],
10337
10863
  "default": "SUSPICION_SCORE",
10864
+ "x-f5xc-description-short": "X-displayName: \"Metric Field\" Metrics can be computed based on these fields. - SUSPICION_SCORE: x-displayName: \"Suspicion Score\".",
10865
+ "x-f5xc-description-medium": "X-displayName: \"Metric Field\" Metrics can be computed based on these fields. - SUSPICION_SCORE: x-displayName: \"Suspicion Score\".",
10338
10866
  "x-f5xc-minimum-configuration": {
10339
10867
  "description": "Minimum configuration for schemaapp_securityMetricField",
10340
10868
  "required_fields": [],
@@ -10354,6 +10882,8 @@
10354
10882
  "$ref": "#/components/schemas/schemaapp_securityPercentileAggregation"
10355
10883
  }
10356
10884
  },
10885
+ "x-f5xc-description-short": "X-displayName: \"Metrics Aggregation\" Computes metrics based on values for the field in the security event.",
10886
+ "x-f5xc-description-medium": "X-displayName: \"Metrics Aggregation\" Computes metrics based on values for the field in the security event.",
10357
10887
  "x-f5xc-minimum-configuration": {
10358
10888
  "description": "Minimum configuration for schemaapp_securityMetricsAggregation",
10359
10889
  "required_fields": [
@@ -10381,6 +10911,8 @@
10381
10911
  "type": "object",
10382
10912
  "description": "X-displayName: \"Sub Aggregation\"\nThis option provides sub-aggregation for each field aggregation bucket.",
10383
10913
  "title": "Sub aggregation.",
10914
+ "x-f5xc-description-short": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
10915
+ "x-f5xc-description-medium": "X-displayName: \"Sub Aggregation\" This option provides sub-aggregation for each field aggregation bucket.",
10384
10916
  "x-f5xc-required-for": {
10385
10917
  "minimum_config": false,
10386
10918
  "create": false,
@@ -10394,6 +10926,7 @@
10394
10926
  "title": "Topk",
10395
10927
  "format": "int64",
10396
10928
  "x-f5xc-example": "10",
10929
+ "x-f5xc-description-short": "X-displayName: \"TopK\" Number of top field values to be returned in the response.",
10397
10930
  "minimum": 0,
10398
10931
  "maximum": 2147483647,
10399
10932
  "x-f5xc-required-for": {
@@ -10404,6 +10937,8 @@
10404
10937
  }
10405
10938
  }
10406
10939
  },
10940
+ "x-f5xc-description-short": "X-displayName: \"Multi-Field Aggregation\" Aggregate security events based on the multiple fields in the security event.",
10941
+ "x-f5xc-description-medium": "X-displayName: \"Multi-Field Aggregation\" Aggregate security events based on the multiple fields in the security event.",
10407
10942
  "x-f5xc-minimum-configuration": {
10408
10943
  "description": "Minimum configuration for schemaapp_securityMultiFieldAggregation",
10409
10944
  "required_fields": [
@@ -10428,6 +10963,8 @@
10428
10963
  "$ref": "#/components/schemas/schemaapp_securityCardinalityAggregation"
10429
10964
  }
10430
10965
  },
10966
+ "x-f5xc-description-short": "X-displayName: \"Multi Field SubAggregation\" Aggregate security events in each MultiTerms bucket based on one of the sub aggregation types.",
10967
+ "x-f5xc-description-medium": "X-displayName: \"Multi Field SubAggregation\" Aggregate security events in each MultiTerms bucket based on one of the sub aggregation types.",
10431
10968
  "x-f5xc-minimum-configuration": {
10432
10969
  "description": "Minimum configuration for schemaapp_securityMultiFieldSubAggregation",
10433
10970
  "required_fields": [
@@ -10461,6 +10998,8 @@
10461
10998
  "JA4_TLS_FINGERPRINT_COUNTRY"
10462
10999
  ],
10463
11000
  "default": "ASN_COUNTRY",
11001
+ "x-f5xc-description-short": "X-displayName: \"Multi-Key Field\" Security events can be aggregated based on these multiple key fields - ASN_COUNTRY: x-displayName: \"ASN, Country\"...",
11002
+ "x-f5xc-description-medium": "X-displayName: \"Multi-Key Field\" Security events can be aggregated based on these multiple key fields - ASN_COUNTRY: x-displayName: \"ASN, Country\" Aggregated by (keyfield.asn, keyfield.country) - DOMAIN_METHOD_API_EP: x-displayName: \"Domain, Method, API Endpoint\" Aggregated by (keyfield.domain...",
10464
11003
  "x-f5xc-minimum-configuration": {
10465
11004
  "description": "Minimum configuration for schemaapp_securityMultiKeyField",
10466
11005
  "required_fields": [],
@@ -10485,6 +11024,7 @@
10485
11024
  "title": "Percent",
10486
11025
  "format": "double",
10487
11026
  "x-f5xc-example": "[99.0]",
11027
+ "x-f5xc-description-short": "X-displayName: \"Percent\" x-required Percentile for which value is calculated.",
10488
11028
  "x-f5xc-required-for": {
10489
11029
  "minimum_config": false,
10490
11030
  "create": false,
@@ -10493,6 +11033,7 @@
10493
11033
  }
10494
11034
  }
10495
11035
  },
11036
+ "x-f5xc-description-short": "X-displayName: \"Percentile Aggregation\" Calculates percentile over numeric values for a field.",
10496
11037
  "x-f5xc-minimum-configuration": {
10497
11038
  "description": "Minimum configuration for schemaapp_securityPercentileAggregation",
10498
11039
  "required_fields": [
@@ -10556,6 +11097,7 @@
10556
11097
  "ves.io.schema.rules.string.http_header_field": "true",
10557
11098
  "ves.io.schema.rules.string.max_bytes": "256"
10558
11099
  },
11100
+ "x-f5xc-description-short": "Case-insensitive HTTP header name. Required: YES.",
10559
11101
  "minLength": 0,
10560
11102
  "x-f5xc-required-for": {
10561
11103
  "minimum_config": false,
@@ -10565,9 +11107,11 @@
10565
11107
  },
10566
11108
  "x-original-maxLength": 256,
10567
11109
  "x-reconciled-from-discovery": true,
10568
- "x-reconciled-at": "2026-01-05T18:28:44.311231+00:00"
11110
+ "x-reconciled-at": "2026-01-07T15:27:53.793730+00:00"
10569
11111
  }
10570
11112
  },
11113
+ "x-f5xc-description-short": "Header matcher specifies the name of a single HTTP header and the criteria for the input request to match it.",
11114
+ "x-f5xc-description-medium": "Header matcher specifies the name of a single HTTP header and the criteria for the input request to match it. The input has a list of actual values for each header name in the original HTTP request. A header matcher can check for one of the following: * Presence or absence of the header in the...",
10571
11115
  "x-f5xc-minimum-configuration": {
10572
11116
  "description": "Minimum configuration for schemapolicyHeaderMatcherType",
10573
11117
  "required_fields": [
@@ -10611,6 +11155,9 @@
10611
11155
  "ves.io.schema.rules.repeated.max_items": "32",
10612
11156
  "ves.io.schema.rules.repeated.unique": "true"
10613
11157
  },
11158
+ "x-f5xc-example": "{\"key\": \"value\"}",
11159
+ "x-f5xc-description-short": "The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions Required: YES.",
11160
+ "x-f5xc-description-medium": "The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions Required: YES.",
10614
11161
  "x-f5xc-required-for": {
10615
11162
  "minimum_config": false,
10616
11163
  "create": false,
@@ -10679,6 +11226,7 @@
10679
11226
  "ves.io.schema.rules.message.required": "true",
10680
11227
  "ves.io.schema.rules.string.max_bytes": "256"
10681
11228
  },
11229
+ "x-f5xc-description-short": "Case-sensitive HTTP query parameter name. Required: YES.",
10682
11230
  "minLength": 0,
10683
11231
  "x-f5xc-required-for": {
10684
11232
  "minimum_config": false,
@@ -10688,9 +11236,11 @@
10688
11236
  },
10689
11237
  "x-original-maxLength": 256,
10690
11238
  "x-reconciled-from-discovery": true,
10691
- "x-reconciled-at": "2026-01-05T18:28:44.311242+00:00"
11239
+ "x-reconciled-at": "2026-01-07T15:27:53.793742+00:00"
10692
11240
  }
10693
11241
  },
11242
+ "x-f5xc-description-short": "Query parameter matcher specifies the name of a single query parameter and the criteria for the input request to match it.",
11243
+ "x-f5xc-description-medium": "Query parameter matcher specifies the name of a single query parameter and the criteria for the input request to match it. The input has a list of actual values for each query parameter name in the original HTTP request. A query parameter matcher can check for one of the following: * Presence or...",
10694
11244
  "x-f5xc-minimum-configuration": {
10695
11245
  "description": "Minimum configuration for schemapolicyQueryParameterMatcherType",
10696
11246
  "required_fields": [
@@ -10734,6 +11284,8 @@
10734
11284
  "ves.io.schema.rules.string.max_bytes": "128",
10735
11285
  "ves.io.schema.rules.string.min_bytes": "1"
10736
11286
  },
11287
+ "x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g.",
11288
+ "x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. Route's) name. Required: YES.",
10737
11289
  "x-f5xc-required-for": {
10738
11290
  "minimum_config": false,
10739
11291
  "create": false,
@@ -10742,7 +11294,7 @@
10742
11294
  },
10743
11295
  "x-original-maxLength": 128,
10744
11296
  "x-reconciled-from-discovery": true,
10745
- "x-reconciled-at": "2026-01-05T18:28:44.311247+00:00"
11297
+ "x-reconciled-at": "2026-01-07T15:27:53.793748+00:00"
10746
11298
  },
10747
11299
  "namespace": {
10748
11300
  "type": "string",
@@ -10758,6 +11310,8 @@
10758
11310
  "x-validation-rules": {
10759
11311
  "ves.io.schema.rules.string.max_bytes": "64"
10760
11312
  },
11313
+ "x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g.",
11314
+ "x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. Route's) namespace.",
10761
11315
  "minLength": 0,
10762
11316
  "x-f5xc-required-for": {
10763
11317
  "minimum_config": false,
@@ -10767,7 +11321,7 @@
10767
11321
  },
10768
11322
  "x-original-maxLength": 64,
10769
11323
  "x-reconciled-from-discovery": true,
10770
- "x-reconciled-at": "2026-01-05T18:28:44.311251+00:00"
11324
+ "x-reconciled-at": "2026-01-07T15:27:53.793752+00:00"
10771
11325
  },
10772
11326
  "tenant": {
10773
11327
  "type": "string",
@@ -10783,6 +11337,8 @@
10783
11337
  "x-validation-rules": {
10784
11338
  "ves.io.schema.rules.string.max_bytes": "64"
10785
11339
  },
11340
+ "x-f5xc-description-short": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g.",
11341
+ "x-f5xc-description-medium": "When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. Route's) tenant.",
10786
11342
  "minLength": 0,
10787
11343
  "x-f5xc-required-for": {
10788
11344
  "minimum_config": false,
@@ -10794,9 +11350,11 @@
10794
11350
  "x-field-mutability": "read-only",
10795
11351
  "x-original-maxLength": 64,
10796
11352
  "x-reconciled-from-discovery": true,
10797
- "x-reconciled-at": "2026-01-05T18:28:44.311255+00:00"
11353
+ "x-reconciled-at": "2026-01-07T15:27:53.793756+00:00"
10798
11354
  }
10799
11355
  },
11356
+ "x-f5xc-description-short": "Type establishes a direct reference from one object(the referrer) to another(the referred).",
11357
+ "x-f5xc-description-medium": "Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.",
10800
11358
  "x-f5xc-minimum-configuration": {
10801
11359
  "description": "Minimum configuration for schemaviewsObjectRefType",
10802
11360
  "required_fields": [
@@ -10820,6 +11378,8 @@
10820
11378
  "$ref": "#/components/schemas/suspicious_user_logNumKeyField"
10821
11379
  }
10822
11380
  },
11381
+ "x-f5xc-description-short": "X-displayName: \"Avg aggregation\" GET the average value of the numeric values extracted from the field in the suspicious user log.",
11382
+ "x-f5xc-description-medium": "X-displayName: \"Avg aggregation\" GET the average value of the numeric values extracted from the field in the suspicious user log.",
10823
11383
  "x-f5xc-minimum-configuration": {
10824
11384
  "description": "Minimum configuration for suspicious_user_logAvgAggregation",
10825
11385
  "required_fields": [
@@ -10841,6 +11401,8 @@
10841
11401
  "$ref": "#/components/schemas/suspicious_user_logNumKeyField"
10842
11402
  }
10843
11403
  },
11404
+ "x-f5xc-description-short": "X-displayName: \"Max aggregation\" GET the maximum value among the numeric values extracted from the field in the suspicious user log.",
11405
+ "x-f5xc-description-medium": "X-displayName: \"Max aggregation\" GET the maximum value among the numeric values extracted from the field in the suspicious user log.",
10844
11406
  "x-f5xc-minimum-configuration": {
10845
11407
  "description": "Minimum configuration for suspicious_user_logMaxAggregation",
10846
11408
  "required_fields": [
@@ -10862,6 +11424,8 @@
10862
11424
  "$ref": "#/components/schemas/suspicious_user_logNumKeyField"
10863
11425
  }
10864
11426
  },
11427
+ "x-f5xc-description-short": "X-displayName: \"Min aggregation\" GET the minimum value among the numeric values extracted from the field in the suspicious user log.",
11428
+ "x-f5xc-description-medium": "X-displayName: \"Min aggregation\" GET the minimum value among the numeric values extracted from the field in the suspicious user log.",
10865
11429
  "x-f5xc-minimum-configuration": {
10866
11430
  "description": "Minimum configuration for suspicious_user_logMinAggregation",
10867
11431
  "required_fields": [
@@ -10896,6 +11460,8 @@
10896
11460
  "WAF_SUSPICION_SCORE"
10897
11461
  ],
10898
11462
  "default": "SUSPICION_SCORE",
11463
+ "x-f5xc-description-short": "X-displayName: \"Num-Key Field\" suspicious user log can be aggregated based on these numeric fields. - SUSPICION_SCORE: x-displayName: \"SUSPICION...",
11464
+ "x-f5xc-description-medium": "X-displayName: \"Num-Key Field\" suspicious user log can be aggregated based on these numeric fields. - SUSPICION_SCORE: x-displayName: \"SUSPICION SCORE\" - BEHAVIOR_ANOMALY_SCORE: x-displayName: \"BEHAVIOR ANOMALY SCORE\" - BOT_DEFENSE_SEC_EVENT_COUNT: x-displayName: \"BOT DEFENSE SEC EVENT COUNT\" ...",
10899
11465
  "x-f5xc-minimum-configuration": {
10900
11466
  "description": "Minimum configuration for suspicious_user_logNumKeyField",
10901
11467
  "required_fields": [],