IDPS Signature Bundle Upload Failure Alarm

• Title: "Alarm for IDPS Signature Bundle Upload Failure"

• Event ID: ids_ips.idps_signature_bundle_upload_failure

This alarm was added in release 9.1.0.

The alarm indicates failures in the manual signature bundle upload.

Cause: Invalid signature bundle.

• Upload a Valid IDS Signature Bundle.
• Steps to get a valid IDS Signature Bundle from NTICS and upload it to NSX Manager.
  
  

  Step 1: Register NSX-T to the Cloud Service - 
  

  URI Path:

  POST https://api.nsx-sec-prod.com/1.0/auth/register

   

   

   

  Body:

  { "license_keys":["XXXXX-XXXXX-XXXXX-XXXXX"], "device_type":"NSX-Idps-Offline-Download", "client_id": "client_username" }

   

  
  Step 2: Authenticate NSX-T to the Cloud Service

  The API accepts the client_id and client_secret generated in the Register API. The API generates access_token to use in the headers of requests to IDS Signatures APIs. The token is valid for 60 minutes.

  URI Path:

  POST https://api.nsx-sec-prod.com/1.0/auth/authenticate

  Example Body:

  {"client_id":"client_username", "client_secret": "Y54+V/rCpEm50x5HAUIzH6aXtTq7s97wCA2QqZ8VyrtFQjrJih7h0alItdQn02T46EJVnSMZWTseragTFScrtIwsiPSX7APQIC7MxAYZ0BoAWvW2akMxyZKyzbYZjeROb/C2QchehC8GFiFNpwqiAcQjrQHwHGdttX4zTQ=" }

  
  Step 3: Retrieve Link of the Signature Bundle (Zip) File

  Use the following API to retrieve link of the signature bundle file.

  URI Path:

  GET https://api.nsx-sec-prod.com/1.0/intrusion-services/signatures?version_name=<signature_version_name>

   

  In the Headers tab, the Authorization key will have the access_token value from the authenticate API response.

  
  Step 4: Upload the Signature Bundle to NSX Manager

  To upload the file from NSX Manager UI, navigate to Security > IDS/IPS & Malware Prevention > Settings > IDS/IPS, and click Upload IDS/IPS Signatures. Browse the saved signature ZIP file and upload the file.