.. _threat_intel_threat_list:

threat-intel threat-list
========================

Threat Categories for malicious IPs

threat-list Specification
-------------------------

===================================== ========================================================================
**Type**                              *Collection*
**Object Key(s)**                     *name*
**Collection Name**                   :ref:`2210_threat-list_list`
**Collection URI**                    /axapi/v3/threat-intel/threat-list
**Element Name**                      threat-list
**Element URI**                       /axapi/v3/threat-intel/threat-list/{name}
**Element Attributes**                threat-list_attributes
**Statistics Data URI**               /axapi/v3/threat-intel/threat-list/{name}/stats
**Schema**                            :download:`threat-list schema `
===================================== ========================================================================

**Operations Allowed:**

.. list-table::
   :header-rows: 1

   * - Operation
     - Method
     - URI
     - Payload
   * - Create Object
     - POST
     - /axapi/v3/threat-intel/threat-list
     - :ref:`2210_threat-list_attributes`
   * - Create List
     - POST
     - /axapi/v3/threat-intel/threat-list
     - :ref:`2210_threat-list_attributes`
   * - Get Object
     - GET
     - /axapi/v3/threat-intel/threat-list/{name}
     - :ref:`2210_threat-list_attributes`
   * - Get List
     - GET
     - /axapi/v3/threat-intel/threat-list
     - :ref:`2210_threat-list_list`
   * - Modify Object
     - POST
     - /axapi/v3/threat-intel/threat-list/{name}
     - :ref:`2210_threat-list_attributes`
   * - Replace Object
     - PUT
     - /axapi/v3/threat-intel/threat-list/{name}
     - :ref:`2210_threat-list_attributes`
   * - Replace List
     - PUT
     - /axapi/v3/threat-intel/threat-list
     - :ref:`2210_threat-list_list`
   * - Delete Object
     - DELETE
     - /axapi/v3/threat-intel/threat-list/{name}
     - :ref:`2210_threat-list_attributes`

.. _2210_threat-list_list:

threat-list-list
----------------

threat-list-list is **JSON List** of :ref:`2210_threat-list_attributes`

threat-list-list : [ { :ref:`2210_threat-list_attributes` }, { :ref:`2210_threat-list_attributes` }, ... ]

.. _2210_threat-list_attributes:

threat-list attributes
----------------------

**all-categories**

    **Description** Enable all categories

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** all-categories is mutually exclusive with spam-sources, windows-exploits, web-attacks, botnets, scanners, dos-attacks, reputation, phishing, proxy, mobile-threats and tor-proxy

**botnets**

    **Description** Botnet C&C channels, and infected zombie machines controlled by Bot master

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** botnets and all-categories are mutually exclusive

**dos-attacks**

    **Description** IPs participating in DOS, DDOS, anomalous sync flood, and anomalous traffic detection

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** dos-attacks and all-categories are mutually exclusive

**mobile-threats**

    **Description** IPs associated with mobile threats

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** mobile-threats and all-categories are mutually exclusive

**name**

    **Description** Threat category List name

    **Type:** string

    **Maximum Length:** 63 characters

    **Minimum Length:** 1 character

**phishing**

    **Description** IP addresses hosting phishing sites, ad click fraud or gaming fraud

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** phishing and all-categories are mutually exclusive

**proxy**

    **Description** IP addresses providing proxy services

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** proxy and all-categories are mutually exclusive

**reputation**

    **Description** IP addresses currently known to be infected with malware

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** reputation and all-categories are mutually exclusive

**sampling-enable**

    **Type:** List

**scanners**

    **Description** IPs associated with probes, host scan, domain scan, and password brute force attack

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** scanners and all-categories are mutually exclusive

**spam-sources**

    **Description** IPs tunneling spam messages through a proxy, anomalous SMTP activities, and forum spam activities

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** spam-sources and all-categories are mutually exclusive

**tor-proxy**

    **Description** IPs providing tor proxy services

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** tor-proxy and all-categories are mutually exclusive

**type**

    **Description** 'webroot': Configure Webroot threat categories;

    **Type:** string

    **Supported Values:** webroot

**user-tag**

    **Description** Customized tag

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Minimum Length:** 1 character

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Minimum Length:** 1 character

**web-attacks**

    **Description** IPs associated with cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute fo

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** web-attacks and all-categories are mutually exclusive

**windows-exploits**

    **Description** IPs associated with malware, shell code, rootkits, worms or viruses

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** windows-exploits and all-categories are mutually exclusive

.. _2210_sampling-enable:

sampling-enable
^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**counters1**

    **Description** 'all': all; 'spam-sources': Hits for spam sources; 'windows-exploits': Hits for windows exploits; 'web-attacks': Hits for web attacks; 'botnets': Hits for botnets; 'scanners': Hits for scanners; 'dos-attacks': Hits for dos attacks; 'reputation': Hits for reputation; 'phishing': Hits for phishing; 'proxy': Hits for proxy; 'mobile-threats': Hits for mobile threats; 'tor-proxy': Hits for tor-proxy; 'total-hits': Total hits for threat-list;

    **Type:** string

    **Supported Values:** all, spam-sources, windows-exploits, web-attacks, botnets, scanners, dos-attacks, reputation, phishing, proxy, mobile-threats, tor-proxy, total-hits

.. _2210_stats_data:

stats data
----------

.. list-table::
   :widths: 10 20 30 80
   :header-rows: 2
   :stub-columns: 1

   * -
     - Counter
     - Size
     - Description
   * -
     -
     -
     -
   * -
     - web-attacks
     - 8
     - Hits for web attacks
   * -
     - total-hits
     - 8
     - Total hits for threat-list
   * -
     - botnets
     - 8
     - Hits for botnets
   * -
     - spam-sources
     - 8
     - Hits for spam sources
   * -
     - phishing
     - 8
     - Hits for phishing
   * -
     - dos-attacks
     - 8
     - Hits for dos attacks
   * -
     - mobile-threats
     - 8
     - Hits for mobile threats
   * -
     - reputation
     - 8
     - Hits for reputation
   * -
     - proxy
     - 8
     - Hits for proxy
   * -
     - windows-exploits
     - 8
     - Hits for windows exploits
   * -
     - scanners
     - 8
     - Hits for scanners
   * -
     - tor-proxy
     - 8
     - Hits for tor-proxy
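
The threat-list attribute rules documented on this page (name length, the single supported type, the boolean value set, the all-categories mutual exclusion and the counters1 values) can be checked on the client before a create or replace call. The following Python is an added example, not A10 code; the function name ``validate_threat_list`` and the sample objects are assumptions made for illustration.

```python
# Added example (not A10 code): check a threat-list attribute object against
# the rules documented on this page before it is sent to the device.
CATEGORIES = frozenset({
    "spam-sources", "windows-exploits", "web-attacks", "botnets", "scanners",
    "dos-attacks", "reputation", "phishing", "proxy", "mobile-threats",
    "tor-proxy",
})
COUNTERS = CATEGORIES | {"all", "total-hits"}
KNOWN_KEYS = CATEGORIES | {"all-categories", "name", "type", "user-tag",
                           "uuid", "sampling-enable"}


def _is_flag(value):
    # Documented supported values for every category flag: true, false, 1, 0
    return type(value) in (bool, int) and value in (0, 1)


def _bad_string(value, max_len):
    return not isinstance(value, str) or not 1 <= len(value) <= max_len


def validate_threat_list(obj):
    """Return a sorted list of rule violations (empty list means valid)."""
    errors = [f"{k}: unknown attribute" for k in obj if k not in KNOWN_KEYS]
    if _bad_string(obj.get("name"), 63):  # name is the object key
        errors.append("name: required string of 1-63 characters")
    if "type" in obj and obj["type"] != "webroot":
        errors.append("type: only 'webroot' is supported")
    if "user-tag" in obj and _bad_string(obj["user-tag"], 127):
        errors.append("user-tag: string of 1-127 characters")
    flags = [k for k in obj if k in CATEGORIES or k == "all-categories"]
    errors += [f"{k}: must be true, false, 1 or 0" for k in flags
               if not _is_flag(obj[k])]
    enabled = sorted(k for k in flags if k in CATEGORIES and obj[k] in (True, 1))
    if obj.get("all-categories") in (True, 1) and enabled:
        errors.append("all-categories: mutually exclusive with "
                      + ", ".join(enabled))
    for block in obj.get("sampling-enable", []):
        if block.get("counters1") not in COUNTERS:
            errors.append(f"sampling-enable: unsupported counters1 {block.get('counters1')!r}")
    return sorted(errors)


# Constructed sample objects, not taken from a real device.
GOOD = {"name": "edge-block", "type": "webroot", "botnets": 1, "tor-proxy": True,
        "sampling-enable": [{"counters1": "total-hits"}]}
BAD = {"name": "", "all-categories": 1, "botnets": 1, "scanners": "yes",
       "sampling-enable": [{"counters1": "malware"}]}
```

Rejecting unknown attribute names catches a misspelled category flag that would otherwise leave the intended category unset.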