Get Signatures

Retrieves a list of signatures.

Required Permissions

Requires the MEMBER role or higher.

HTTP Request

GET /api/sonar/signatures

cURL Example

curl -H "Authorization: Bearer <API_KEY>" \
     https://HOSTNAME/api/sonar/signatures?offset=0&limit=20&keywords=

Request Parameters

Key	Required	Type	Description	Note
offset	X	32-bit integer	Number of items to skip	Default: `20`, max `1000`
limit	X	32-bit integer	Maximum number of items	Default: `20`, max `1000`
keywords	X	String	Search keyword	Searches signature, description, and CAPEC ID fields

Success Response

{
  "total_count": 2,
  "signatures": [
    {
      "guid": "fbad71f7-230d-443e-b6b2-bd4e968c8f5b",
      "signature": "signaturesignature1",
      "description": "Test signature 1",
      "capecs": [
        {
          "id": "CAPEC-1",
          "name": "Accessing Functionality Not Properly Constrained by ACLs"
        },
        {
          "id": "CAPEC-3",
          "name": "Using Leading 'Ghost' Character Sequences to Bypass Input Filters"
        },
        {
          "id": "CAPEC-999",
          "name": null
        }
      ],
      "owner_guid": "3cda2d4d-853c-432f-97ab-768866aaf74e",
      "owner_name": "delmitz",
      "owner_login_name": "delmitz",
      "app_code": "fortigate",
      "app_built_in": true,
      "created": "2025-09-09 10:33:47+0900",
      "updated": "2025-09-09 10:33:47+0900"
    },
    {
      "guid": "3cda2d4d-853c-432f-97ab-768866aaf74e",
      "signature": "sigsig2",
      "description": "Test signature 2",
      "capecs": [
        {
          "id": "CAPEC-3",
          "name": "Using Leading 'Ghost' Character Sequences to Bypass Input Filters"
        },
        {
          "id": "CAPEC-4",
          "name": "Using Alternative IP Address Encodings"
        },
        {
          "id": "CAPEC-5",
          "name": "Blue Boxing"
        }
      ],
      "owner_guid": "3cda2d4d-853c-432f-97ab-768866aaf74e",
      "owner_name": "delmitz",
      "owner_login_name": "delmitz",
      "app_code": "fortigate",
      "app_built_in": true,
      "created": "2025-09-09 10:33:47+0900",
      "updated": "2025-09-09 10:33:47+0900"
    }
  ]
}

total_count (32-bit integer): Total number of signatures matching the search criteria
signatures (Array): Signature list
- guid (String): Signature unique identifier
- signature (String): Signature code
- description (String): Description
- capecs (Array): CAPEC list
  - id (String): CAPEC ID
  - name (String): CAPEC name
- owner_guid (String): Owner GUID
- owner_name (String): Owner name
- owner_login_name (String): Owner login name
- app_code (String): App code
- app_built_in (Boolean): Whether the app is built-in
- created (String): Created date and time (yyyy-MM-dd HH:mm:ssZ format)
- updated (String): Updated date and time (yyyy-MM-dd HH:mm:ssZ format)

Error Responses

offset or limit is not an integer

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "'offset' parameter should be int type"
}

offset or limit is negative

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "'offset' must be greater than or equal to 0."
}