published on Monday, May 18, 2026 by vmware
This data source provides access to the comprehensive catalog of system IDPS (Intrusion Detection and Prevention System) signatures available in vDefend. It allows filtering and querying of specific system signatures for review, analysis, or cross-referencing against policies.
Important: The system signatures catalog contains more than 10,000 signatures. Fetching all signatures without filters can take significant time and resources. It is strongly recommended to always use appropriate filters (severity, product_affected, display_name, or class_type) to narrow down the results to the specific signatures you need.
- Filter Combinations: Combining multiple filters provides the most efficient queries. For example, filtering by both severity and product_affected will return a much smaller and more relevant result set.
- Use Case: This data source is primarily intended for querying specific signatures to reference in IDPS policies, not for bulk exports of the entire signature catalog.
This data source is applicable to NSX Policy Manager (NSX version 4.2.0 onwards).
Example Usage
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as nsxt from "@pulumi/nsxt";

// Filter by severity - recommended to always use filters
const criticalSigs = nsxt.getPolicyIdpsSystemSignatures({
    severity: "CRITICAL",
});
// Filter by product and severity for targeted results
const webSigs = nsxt.getPolicyIdpsSystemSignatures({
    productAffected: "HTTP_SERVER",
    severity: "HIGH",
});
// Filter by display name to find specific signature patterns
const sqlSigs = nsxt.getPolicyIdpsSystemSignatures({
    displayName: "SQL",
    severity: "HIGH",
});
// Filter by class type for specific attack categories
const webAttacks = nsxt.getPolicyIdpsSystemSignatures({
    classType: "web-application-attack",
    severity: "CRITICAL",
});
// Combine multiple filters for precise results
const targetedSigs = nsxt.getPolicyIdpsSystemSignatures({
    versionId: "DEFAULT",
    severity: "CRITICAL",
    productAffected: "HTTP_SERVER",
});
// Export the signature IDs from the resolved result
export const criticalSignatureIds = criticalSigs.then(criticalSigs => criticalSigs.signatures.map(sig => (sig.signatureId)));

Python
import pulumi
import pulumi_nsxt as nsxt

# Filter by severity - recommended to always use filters
critical_sigs = nsxt.get_policy_idps_system_signatures(severity="CRITICAL")
# Filter by product and severity for targeted results
web_sigs = nsxt.get_policy_idps_system_signatures(product_affected="HTTP_SERVER",
    severity="HIGH")
# Filter by display name to find specific signature patterns
sql_sigs = nsxt.get_policy_idps_system_signatures(display_name="SQL",
    severity="HIGH")
# Filter by class type for specific attack categories
web_attacks = nsxt.get_policy_idps_system_signatures(class_type="web-application-attack",
    severity="CRITICAL")
# Combine multiple filters for precise results
targeted_sigs = nsxt.get_policy_idps_system_signatures(version_id="DEFAULT",
    severity="CRITICAL",
    product_affected="HTTP_SERVER")
pulumi.export("criticalSignatureIds", [sig.signature_id for sig in critical_sigs.signatures])

C#
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nsxt = Pulumi.Nsxt;

return await Deployment.RunAsync(() =>
{
    // Filter by severity - recommended to always use filters
    var criticalSigs = Nsxt.GetPolicyIdpsSystemSignatures.Invoke(new()
    {
        Severity = "CRITICAL",
    });
    // Filter by product and severity for targeted results
    var webSigs = Nsxt.GetPolicyIdpsSystemSignatures.Invoke(new()
    {
        ProductAffected = "HTTP_SERVER",
        Severity = "HIGH",
    });
    // Filter by display name to find specific signature patterns
    var sqlSigs = Nsxt.GetPolicyIdpsSystemSignatures.Invoke(new()
    {
        DisplayName = "SQL",
        Severity = "HIGH",
    });
    // Filter by class type for specific attack categories
    var webAttacks = Nsxt.GetPolicyIdpsSystemSignatures.Invoke(new()
    {
        ClassType = "web-application-attack",
        Severity = "CRITICAL",
    });
    // Combine multiple filters for precise results
    var targetedSigs = Nsxt.GetPolicyIdpsSystemSignatures.Invoke(new()
    {
        VersionId = "DEFAULT",
        Severity = "CRITICAL",
        ProductAffected = "HTTP_SERVER",
    });
    return new Dictionary<string, object?>
    {
        // Project the resolved result onto its signature IDs
        ["criticalSignatureIds"] = criticalSigs.Apply(result => result.Signatures.Select(sig =>
        {
            return sig.SignatureId;
        }).ToList()),
    };
});

Using getPolicyIdpsSystemSignatures
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
TypeScript
function getPolicyIdpsSystemSignatures(args: GetPolicyIdpsSystemSignaturesArgs, opts?: InvokeOptions): Promise<GetPolicyIdpsSystemSignaturesResult>
function getPolicyIdpsSystemSignaturesOutput(args: GetPolicyIdpsSystemSignaturesOutputArgs, opts?: InvokeOptions): Output<GetPolicyIdpsSystemSignaturesResult>

Python
def get_policy_idps_system_signatures(class_type: Optional[str] = None,
                                      display_name: Optional[str] = None,
                                      id: Optional[str] = None,
                                      product_affected: Optional[str] = None,
                                      severity: Optional[str] = None,
                                      version_id: Optional[str] = None,
                                      opts: Optional[InvokeOptions] = None) -> GetPolicyIdpsSystemSignaturesResult
def get_policy_idps_system_signatures_output(class_type: pulumi.Input[Optional[str]] = None,
                                             display_name: pulumi.Input[Optional[str]] = None,
                                             id: pulumi.Input[Optional[str]] = None,
                                             product_affected: pulumi.Input[Optional[str]] = None,
                                             severity: pulumi.Input[Optional[str]] = None,
                                             version_id: pulumi.Input[Optional[str]] = None,
                                             opts: Optional[InvokeOptions] = None) -> Output[GetPolicyIdpsSystemSignaturesResult]

Go
func GetPolicyIdpsSystemSignatures(ctx *Context, args *GetPolicyIdpsSystemSignaturesArgs, opts ...InvokeOption) (*GetPolicyIdpsSystemSignaturesResult, error)
func GetPolicyIdpsSystemSignaturesOutput(ctx *Context, args *GetPolicyIdpsSystemSignaturesOutputArgs, opts ...InvokeOption) GetPolicyIdpsSystemSignaturesResultOutput

> Note: This function is named GetPolicyIdpsSystemSignatures in the Go SDK.

C#
public static class GetPolicyIdpsSystemSignatures
{
    public static Task<GetPolicyIdpsSystemSignaturesResult> InvokeAsync(GetPolicyIdpsSystemSignaturesArgs args, InvokeOptions? opts = null)
    public static Output<GetPolicyIdpsSystemSignaturesResult> Invoke(GetPolicyIdpsSystemSignaturesInvokeArgs args, InvokeOptions? opts = null)
}

Java
public static CompletableFuture<GetPolicyIdpsSystemSignaturesResult> getPolicyIdpsSystemSignatures(GetPolicyIdpsSystemSignaturesArgs args, InvokeOptions options)
public static Output<GetPolicyIdpsSystemSignaturesResult> getPolicyIdpsSystemSignatures(GetPolicyIdpsSystemSignaturesArgs args, InvokeOptions options)

YAML
fn::invoke:
  function: nsxt:index/getPolicyIdpsSystemSignatures:getPolicyIdpsSystemSignatures
  arguments:
    # arguments dictionary

HCL
data "nsxt_getpolicyidpssystemsignatures" "name" {
    # arguments
}

The following arguments are supported:
C#
- ClassType string - Filter by class type (e.g., web-application-attack, trojan-activity).
- DisplayName string - Filter by display name (case-insensitive substring match).
- Id string - The signature ID.
- ProductAffected string - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- Severity string - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- VersionId string - Signature version ID to query. If not specified, the provider uses the active signature version (or DEFAULT). This is also exported as an attribute so you can reference the actual version used (e.g. when omitted, data.xxx.version_id gives the resolved active version).

Go
- ClassType string - Filter by class type (e.g., web-application-attack, trojan-activity).
- DisplayName string - Filter by display name (case-insensitive substring match).
- Id string - The signature ID.
- ProductAffected string - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- Severity string - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- VersionId string - Signature version ID to query. If not specified, the provider uses the active signature version (or DEFAULT). This is also exported as an attribute so you can reference the actual version used (e.g. when omitted, data.xxx.version_id gives the resolved active version).

HCL
- class_type string - Filter by class type (e.g., web-application-attack, trojan-activity).
- display_name string - Filter by display name (case-insensitive substring match).
- id string - The signature ID.
- product_affected string - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- severity string - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- version_id string - Signature version ID to query. If not specified, the provider uses the active signature version (or DEFAULT). This is also exported as an attribute so you can reference the actual version used (e.g. when omitted, data.xxx.version_id gives the resolved active version).

Java
- classType String - Filter by class type (e.g., web-application-attack, trojan-activity).
- displayName String - Filter by display name (case-insensitive substring match).
- id String - The signature ID.
- productAffected String - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- severity String - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- versionId String - Signature version ID to query. If not specified, the provider uses the active signature version (or DEFAULT). This is also exported as an attribute so you can reference the actual version used (e.g. when omitted, data.xxx.version_id gives the resolved active version).

TypeScript
- classType string - Filter by class type (e.g., web-application-attack, trojan-activity).
- displayName string - Filter by display name (case-insensitive substring match).
- id string - The signature ID.
- productAffected string - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- severity string - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- versionId string - Signature version ID to query. If not specified, the provider uses the active signature version (or DEFAULT). This is also exported as an attribute so you can reference the actual version used (e.g. when omitted, data.xxx.version_id gives the resolved active version).

Python
- class_type str - Filter by class type (e.g., web-application-attack, trojan-activity).
- display_name str - Filter by display name (case-insensitive substring match).
- id str - The signature ID.
- product_affected str - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- severity str - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- version_id str - Signature version ID to query. If not specified, the provider uses the active signature version (or DEFAULT). This is also exported as an attribute so you can reference the actual version used (e.g. when omitted, data.xxx.version_id gives the resolved active version).

YAML
- classType String - Filter by class type (e.g., web-application-attack, trojan-activity).
- displayName String - Filter by display name (case-insensitive substring match).
- id String - The signature ID.
- productAffected String - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- severity String - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- versionId String - Signature version ID to query. If not specified, the provider uses the active signature version (or DEFAULT). This is also exported as an attribute so you can reference the actual version used (e.g. when omitted, data.xxx.version_id gives the resolved active version).

getPolicyIdpsSystemSignatures Result
The following output properties are available:
C#
- Id string - The signature ID.
- Path string - NSX policy path.
- Signatures List<GetPolicyIdpsSystemSignaturesSignature> - List of system signatures matching the filter criteria. Each signature contains:
- VersionId string
- ClassType string - Classification type.
- DisplayName string - Display name.
- ProductAffected string - Affected product.
- Severity string - Severity level.

Go
- Id string - The signature ID.
- Path string - NSX policy path.
- Signatures []GetPolicyIdpsSystemSignaturesSignature - List of system signatures matching the filter criteria. Each signature contains:
- VersionId string
- ClassType string - Classification type.
- DisplayName string - Display name.
- ProductAffected string - Affected product.
- Severity string - Severity level.

HCL
- id string - The signature ID.
- path string - NSX policy path.
- signatures list(object) - List of system signatures matching the filter criteria. Each signature contains:
- version_id string
- class_type string - Classification type.
- display_name string - Display name.
- product_affected string - Affected product.
- severity string - Severity level.

Java
- id String - The signature ID.
- path String - NSX policy path.
- signatures List<GetPolicyIdpsSystemSignaturesSignature> - List of system signatures matching the filter criteria. Each signature contains:
- versionId String
- classType String - Classification type.
- displayName String - Display name.
- productAffected String - Affected product.
- severity String - Severity level.

TypeScript
- id string - The signature ID.
- path string - NSX policy path.
- signatures GetPolicyIdpsSystemSignaturesSignature[] - List of system signatures matching the filter criteria. Each signature contains:
- versionId string
- classType string - Classification type.
- displayName string - Display name.
- productAffected string - Affected product.
- severity string - Severity level.

Python
- id str - The signature ID.
- path str - NSX policy path.
- signatures Sequence[GetPolicyIdpsSystemSignaturesSignature] - List of system signatures matching the filter criteria. Each signature contains:
- version_id str
- class_type str - Classification type.
- display_name str - Display name.
- product_affected str - Affected product.
- severity str - Severity level.

YAML
- id String - The signature ID.
- path String - NSX policy path.
- signatures List<Property Map> - List of system signatures matching the filter criteria. Each signature contains:
- versionId String
- classType String - Classification type.
- displayName String - Display name.
- productAffected String - Affected product.
- severity String - Severity level.

Supporting Types
GetPolicyIdpsSystemSignaturesSignature
C#
- AttackTarget string - Attack target.
- Categories List<string> - List of categories (e.g., APPLICATION, NETWORK).
- ClassType string - Filter by class type (e.g., web-application-attack, trojan-activity).
- Cves List<string> - List of associated CVE IDs.
- Cvss string - CVSS severity rating.
- Cvssv2 string - CVSS v2 score.
- Cvssv3 string - CVSS v3 score.
- DisplayName string - Filter by display name (case-insensitive substring match).
- Id string - The signature ID.
- Name string - Signature name.
- Path string - NSX policy path.
- ProductAffected string - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- Severity string - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- SignatureId string - Unique signature identifier (numeric ID).
- SignatureRevision string - Revision number.
- Urls List<string> - List of reference URLs.

Go
- AttackTarget string - Attack target.
- Categories []string - List of categories (e.g., APPLICATION, NETWORK).
- ClassType string - Filter by class type (e.g., web-application-attack, trojan-activity).
- Cves []string - List of associated CVE IDs.
- Cvss string - CVSS severity rating.
- Cvssv2 string - CVSS v2 score.
- Cvssv3 string - CVSS v3 score.
- DisplayName string - Filter by display name (case-insensitive substring match).
- Id string - The signature ID.
- Name string - Signature name.
- Path string - NSX policy path.
- ProductAffected string - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- Severity string - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- SignatureId string - Unique signature identifier (numeric ID).
- SignatureRevision string - Revision number.
- Urls []string - List of reference URLs.

HCL
- attack_target string - Attack target.
- categories list(string) - List of categories (e.g., APPLICATION, NETWORK).
- class_type string - Filter by class type (e.g., web-application-attack, trojan-activity).
- cves list(string) - List of associated CVE IDs.
- cvss string - CVSS severity rating.
- cvssv2 string - CVSS v2 score.
- cvssv3 string - CVSS v3 score.
- display_name string - Filter by display name (case-insensitive substring match).
- id string - The signature ID.
- name string - Signature name.
- path string - NSX policy path.
- product_affected string - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- severity string - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- signature_id string - Unique signature identifier (numeric ID).
- signature_revision string - Revision number.
- urls list(string) - List of reference URLs.

Java
- attackTarget String - Attack target.
- categories List<String> - List of categories (e.g., APPLICATION, NETWORK).
- classType String - Filter by class type (e.g., web-application-attack, trojan-activity).
- cves List<String> - List of associated CVE IDs.
- cvss String - CVSS severity rating.
- cvssv2 String - CVSS v2 score.
- cvssv3 String - CVSS v3 score.
- displayName String - Filter by display name (case-insensitive substring match).
- id String - The signature ID.
- name String - Signature name.
- path String - NSX policy path.
- productAffected String - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- severity String - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- signatureId String - Unique signature identifier (numeric ID).
- signatureRevision String - Revision number.
- urls List<String> - List of reference URLs.

TypeScript
- attackTarget string - Attack target.
- categories string[] - List of categories (e.g., APPLICATION, NETWORK).
- classType string - Filter by class type (e.g., web-application-attack, trojan-activity).
- cves string[] - List of associated CVE IDs.
- cvss string - CVSS severity rating.
- cvssv2 string - CVSS v2 score.
- cvssv3 string - CVSS v3 score.
- displayName string - Filter by display name (case-insensitive substring match).
- id string - The signature ID.
- name string - Signature name.
- path string - NSX policy path.
- productAffected string - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- severity string - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- signatureId string - Unique signature identifier (numeric ID).
- signatureRevision string - Revision number.
- urls string[] - List of reference URLs.

Python
- attack_target str - Attack target.
- categories Sequence[str] - List of categories (e.g., APPLICATION, NETWORK).
- class_type str - Filter by class type (e.g., web-application-attack, trojan-activity).
- cves Sequence[str] - List of associated CVE IDs.
- cvss str - CVSS severity rating.
- cvssv2 str - CVSS v2 score.
- cvssv3 str - CVSS v3 score.
- display_name str - Filter by display name (case-insensitive substring match).
- id str - The signature ID.
- name str - Signature name.
- path str - NSX policy path.
- product_affected str - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- severity str - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- signature_id str - Unique signature identifier (numeric ID).
- signature_revision str - Revision number.
- urls Sequence[str] - List of reference URLs.

YAML
- attackTarget String - Attack target.
- categories List<String> - List of categories (e.g., APPLICATION, NETWORK).
- classType String - Filter by class type (e.g., web-application-attack, trojan-activity).
- cves List<String> - List of associated CVE IDs.
- cvss String - CVSS severity rating.
- cvssv2 String - CVSS v2 score.
- cvssv3 String - CVSS v3 score.
- displayName String - Filter by display name (case-insensitive substring match).
- id String - The signature ID.
- name String - Signature name.
- path String - NSX policy path.
- productAffected String - Filter by affected product (e.g., HTTP_SERVER, DATABASE).
- severity String - Filter by severity level: LOW, MEDIUM, HIGH, CRITICAL.
- signatureId String - Unique signature identifier (numeric ID).
- signatureRevision String - Revision number.
- urls List<String> - List of reference URLs.

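The filter guidance and the signature fields above, combined in an added example that is not part of the provider's documentation: it refuses unfiltered catalog queries before they reach the provider and then narrows a returned result set to the signature IDs worth referencing in an IDPS policy. `build_query_args`, `select_for_policy`, the `Signature` dataclass and the sample entries are hypothetical, and the code assumes `cvssv3` holds a numeric string when it is populated.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ALLOWED_SEVERITIES = {"LOW", "MEDIUM", "HIGH", "CRITICAL"}
FILTER_KEYS = ("severity", "product_affected", "display_name", "class_type")


def build_query_args(version_id: Optional[str] = None, **filters: str) -> Dict[str, str]:
    """Validate keyword arguments for get_policy_idps_system_signatures.

    version_id alone does not narrow the catalog, so it does not count as a filter.
    """
    unknown = set(filters) - set(FILTER_KEYS)
    if unknown:
        raise ValueError(f"unsupported filter(s): {sorted(unknown)}")
    args = {k: v for k, v in filters.items() if v}
    if not args:
        raise ValueError("refusing unfiltered catalog query; set at least one filter")
    if "severity" in args and args["severity"] not in ALLOWED_SEVERITIES:
        raise ValueError(f"severity must be one of {sorted(ALLOWED_SEVERITIES)}")
    if version_id:
        args["version_id"] = version_id  # pin the catalog version for repeatable results
    return args


@dataclass
class Signature:
    """Subset of the documented signature fields (Python SDK names)."""
    signature_id: str
    display_name: str
    severity: str
    cvssv3: str = ""
    cves: List[str] = field(default_factory=list)


def _score(sig: Signature) -> float:
    # cvssv3 is documented as a string; treat empty or non-numeric values as 0.0.
    try:
        return float(sig.cvssv3)
    except (TypeError, ValueError):
        return 0.0


def select_for_policy(signatures: List[Signature], min_cvss3: float = 9.0) -> List[str]:
    """Return de-duplicated signature IDs that carry a CVE and meet the CVSS v3 floor."""
    picked = {s.signature_id for s in signatures if s.cves and _score(s) >= min_cvss3}
    return sorted(picked, key=int)  # signature_id is documented as a numeric ID


# Constructed sample data (not real catalog entries; CVE IDs are placeholders).
SAMPLE = [
    Signature("1000001", "Example SQL injection attempt", "CRITICAL", "9.8", ["CVE-0000-0001"]),
    Signature("1000002", "Example policy violation", "CRITICAL", "", []),
    Signature("1000003", "Example RCE attempt", "CRITICAL", "N/A", ["CVE-0000-0002"]),
    Signature("1000004", "Example deserialization attempt", "CRITICAL", "9.1", ["CVE-0000-0003"]),
]

if __name__ == "__main__":
    print(build_query_args(severity="CRITICAL", product_affected="HTTP_SERVER"))
    print(select_for_policy(SAMPLE))
```

In a Pulumi program the validated dictionary would be passed as `nsxt.get_policy_idps_system_signatures(**args)` and `result.signatures` handed to `select_for_policy`, since the returned objects expose the same attribute names.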
Package Details
- Repository
- nsxt vmware/terraform-provider-nsxt
- License
- Notes
- This Pulumi package is based on the nsxt Terraform Provider.