Get Signatures

Retrieves a list of signatures.

Required Permissions

Requires the MEMBER role or higher.

HTTP Request

GET /api/sonar/signatures
cURL Example
curl -H "Authorization: Bearer <API_KEY>" \
     https://HOSTNAME/api/sonar/signatures?offset=0&limit=20&keywords=
Request Parameters
KeyRequiredTypeDescriptionNote
offsetX32-bit integerNumber of items to skipDefault: 20, max 1000
limitX32-bit integerMaximum number of itemsDefault: 20, max 1000
keywordsXStringSearch keywordSearches signature, description, and CAPEC ID fields

Success Response

{
  "total_count": 2,
  "signatures": [
    {
      "guid": "fbad71f7-230d-443e-b6b2-bd4e968c8f5b",
      "signature": "signaturesignature1",
      "description": "Test signature 1",
      "capecs": [
        {
          "id": "CAPEC-1",
          "name": "Accessing Functionality Not Properly Constrained by ACLs"
        },
        {
          "id": "CAPEC-3",
          "name": "Using Leading 'Ghost' Character Sequences to Bypass Input Filters"
        },
        {
          "id": "CAPEC-999",
          "name": null
        }
      ],
      "owner_guid": "3cda2d4d-853c-432f-97ab-768866aaf74e",
      "owner_name": "delmitz",
      "owner_login_name": "delmitz",
      "app_code": "fortigate",
      "app_built_in": true,
      "created": "2025-09-09 10:33:47+0900",
      "updated": "2025-09-09 10:33:47+0900"
    },
    {
      "guid": "3cda2d4d-853c-432f-97ab-768866aaf74e",
      "signature": "sigsig2",
      "description": "Test signature 2",
      "capecs": [
        {
          "id": "CAPEC-3",
          "name": "Using Leading 'Ghost' Character Sequences to Bypass Input Filters"
        },
        {
          "id": "CAPEC-4",
          "name": "Using Alternative IP Address Encodings"
        },
        {
          "id": "CAPEC-5",
          "name": "Blue Boxing"
        }
      ],
      "owner_guid": "3cda2d4d-853c-432f-97ab-768866aaf74e",
      "owner_name": "delmitz",
      "owner_login_name": "delmitz",
      "app_code": "fortigate",
      "app_built_in": true,
      "created": "2025-09-09 10:33:47+0900",
      "updated": "2025-09-09 10:33:47+0900"
    }
  ]
}
  • total_count (32-bit integer): Total number of signatures matching the search criteria
  • signatures (Array): Signature list
    • guid (String): Signature unique identifier
    • signature (String): Signature code
    • description (String): Description
    • capecs (Array): CAPEC list
      • id (String): CAPEC ID
      • name (String): CAPEC name
    • owner_guid (String): Owner GUID
    • owner_name (String): Owner name
    • owner_login_name (String): Owner login name
    • app_code (String): App code
    • app_built_in (Boolean): Whether the app is built-in
    • created (String): Created date and time (yyyy-MM-dd HH:mm:ssZ format)
    • updated (String): Updated date and time (yyyy-MM-dd HH:mm:ssZ format)

Error Responses

offset or limit is not an integer

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "'offset' parameter should be int type"
}
offset or limit is negative

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "'offset' must be greater than or equal to 0."
}