threat-intel
Threat Intelligence module
threat-intel Specification
Type: Intermediate Resource
Element Name: threat-intel
Element URI: /axapi/v3/threat-intel
Element Attributes: threat-intel_attributes
Schema: threat-intel schema
Operations Allowed:
Operation | Method | URI | Payload
---|---|---|---
Get Object | GET | /axapi/v3/threat-intel | threat-intel_attributes
threat-intel attributes
threat-feed-list
Type: List
Reference Object: /axapi/v3/threat-intel/threat-feed/{type}
threat-list-list
Type: List
Reference Object: /axapi/v3/threat-intel/threat-list/{name}
webroot-database
Description: webroot-database is a JSON Block. Please see below for webroot-database
Type: Object
Reference Object: /axapi/v3/threat-intel/webroot-database
webroot-global
Description: webroot-global is a JSON Block. Please see below for webroot-global
Type: Object
Reference Object: /axapi/v3/threat-intel/webroot-global
webroot-ip-category
Description: webroot-ip-category is a JSON Block. Please see below for webroot-ip-category
Type: Object
Reference Object: /axapi/v3/threat-intel/webroot-ip-category
webroot-log
Description: webroot-log is a JSON Block. Please see below for webroot-log
Type: Object
Reference Object: /axapi/v3/threat-intel/webroot-log
threat-list-list
Specification Type: list (Block object keys)
all-categories
Description: Enable all categories
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: all-categories is mutually exclusive with spam-sources, windows-exploits, web-attacks, botnets, scanners, dos-attacks, reputation, phishing, proxy, mobile-threats and tor-proxy
botnets
Description: Botnet C&C channels and infected zombie machines controlled by a bot master
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: botnets and all-categories are mutually exclusive
dos-attacks
Description: IPs participating in DoS, DDoS, anomalous SYN flood, and anomalous traffic detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: dos-attacks and all-categories are mutually exclusive
mobile-threats
Description: IPs associated with mobile threats
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: mobile-threats and all-categories are mutually exclusive
name
Description: Threat category list name
Type: string
Maximum Length: 63 characters
Minimum Length: 1 character
phishing
Description: IP addresses hosting phishing sites, ad click fraud or gaming fraud
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: phishing and all-categories are mutually exclusive
proxy
Description: IP addresses providing proxy services
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: proxy and all-categories are mutually exclusive
reputation
Description: IP addresses currently known to be infected with malware
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: reputation and all-categories are mutually exclusive
sampling-enable
Type: List
scanners
Description: IPs associated with probes, host scans, domain scans, and password brute-force attacks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: scanners and all-categories are mutually exclusive
spam-sources
Description: IPs tunneling spam messages through a proxy, anomalous SMTP activities, and forum spam activities
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: spam-sources and all-categories are mutually exclusive
tor-proxy
Description: IPs providing Tor proxy services
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: tor-proxy and all-categories are mutually exclusive
type
Description: ‘webroot’: Configure Webroot threat categories;
Type: string
Supported Values: webroot
user-tag
Description: Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
web-attacks
Description: IPs associated with cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute fo
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: web-attacks and all-categories are mutually exclusive
windows-exploits
Description: IPs associated with malware, shell code, rootkits, worms or viruses
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: windows-exploits and all-categories are mutually exclusive
threat-list-list_sampling-enable
Specification Type: list (Block object keys)
counters1
Description: ‘all’: all; ‘spam-sources’: Hits for spam sources; ‘windows-exploits’: Hits for windows exploits; ‘web-attacks’: Hits for web attacks; ‘botnets’: Hits for botnets; ‘scanners’: Hits for scanners; ‘dos-attacks’: Hits for dos attacks; ‘reputation’: Hits for reputation; ‘phishing’: Hits for phishing; ‘proxy’: Hits for proxy; ‘mobile-threats’: Hits for mobile threats; ‘tor-proxy’: Hits for tor-proxy; ‘total-hits’: Total hits for threat-list;
Type: string
Supported Values: all, spam-sources, windows-exploits, web-attacks, botnets, scanners, dos-attacks, reputation, phishing, proxy, mobile-threats, tor-proxy, total-hits
webroot-log
Specification Type: object
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
webroot-global
Specification Type: object
sampling-enable
Type: List
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
webroot-global_sampling-enable
Specification Type: list (Block object keys)
counters1
Description: ‘all’: all; ‘spam-sources’: Hits for spam sources; ‘windows-exploits’: Hits for windows exploits; ‘web-attacks’: Hits for web attacks; ‘botnets’: Hits for botnets; ‘scanners’: Hits for scanners; ‘dos-attacks’: Hits for dos attacks; ‘reputation’: Hits for reputation; ‘phishing’: Hits for phishing; ‘proxy’: Hits for proxy; ‘mobile-threats’: Hits for mobile threats; ‘tor-proxy’: Hits for tor-proxy; ‘rtu-lookup’: Number of lookups in RTU cache; ‘database-lookup’: Number of lookups in database; ‘non-malicious-ips’: IPs not found in database or RTU cache;
Type: string
Supported Values: all, spam-sources, windows-exploits, web-attacks, botnets, scanners, dos-attacks, reputation, phishing, proxy, mobile-threats, tor-proxy, rtu-lookup, database-lookup, non-malicious-ips
webroot-database
Specification Type: object
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
threat-feed-list
Specification Type: list (Block object keys)
domain
Description: Realm for NTLM authentication
Type: string
Maximum Length: 127 characters
Minimum Length: 1 character
enable
Description: Enable module
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
encrypted
Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)
log-level
Description: ‘disable’: Disable all logging; ‘error’: Log error events; ‘warning’: Log warning events and above; ‘info’: Log info events and above; ‘debug’: Log debug events and above; ‘trace’: Enable all logs;
Type: string
Supported Values: disable, error, warning, info, debug, trace
Default: warning
port
Description: Port to query the server (default 443)
Type: number
Range: 1-65535
Default: 443
proxy-auth-type
Description: ‘ntlm’: NTLM authentication (default); ‘basic’: Basic authentication;
Type: string
Supported Values: ntlm, basic
Default: ntlm
proxy-host
Description: Proxy server hostname or IP address
Type: string
Maximum Length: 255 characters
Minimum Length: 1 character
proxy-password
Description: Password for proxy authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
proxy-port
Description: Port to connect to on the proxy server
Type: number
Range: 1-65535
proxy-username
Description: Username for proxy authentication
Type: string
Maximum Length: 127 characters
Minimum Length: 1 character
rtu-update-disable
Description: Disables real-time updates (default: enabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
secret-string
Description: Password value
Type: string
Format: password
Maximum Length: 127 characters
Minimum Length: 1 character
server
Description: Server IP or hostname
Type: string
Maximum Length: 255 characters
Minimum Length: 1 character
server-timeout
Description: Server timeout in seconds (default: 15s)
Type: number
Range: 1-30
Default: 15
type
Description: ‘webroot’: Configure Webroot module options;
Type: string
Supported Values: webroot
update-interval
Description: Interval to check for database or RTU updates (default 120 minutes)
Type: number
Range: 10-14400
Default: 120
use-mgmt-port
Description: Use the management interface for all communication with the threat-intel server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description: Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
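The constraints above (the all-categories mutual exclusion in threat-list-list, and the ranges, supported values and defaults in threat-feed-list) are easy to get wrong when a configuration is generated by tooling rather than typed in. The following script is an added example, not A10 code and not part of this reference: it encodes those documented constraints as a validator and a default-filler for the two list blocks. The function names, the sample payload and the hostname in it are constructed for illustration; the key names, limits and defaults are the ones this page states.

```python
# Added example (not A10 code): validate threat-intel payloads against the
# constraints this page documents for threat-list-list and threat-feed-list.
# Key names, limits and defaults come from the page; helper names are mine.
from typing import Any, Dict, List

# The eleven Webroot threat categories a threat-list may enable;
# all-categories is mutually exclusive with every one of them.
CATEGORIES = [
    "spam-sources", "windows-exploits", "web-attacks", "botnets", "scanners",
    "dos-attacks", "reputation", "phishing", "proxy", "mobile-threats", "tor-proxy",
]
LOG_LEVELS = ("disable", "error", "warning", "info", "debug", "trace")
AUTH_TYPES = ("ntlm", "basic")

# numeric threat-feed-list keys: name -> (low, high, default or None)
FEED_RANGES = {
    "port": (1, 65535, 443),
    "proxy-port": (1, 65535, None),
    "server-timeout": (1, 30, 15),
    "update-interval": (10, 14400, 120),
}
# string keys: name -> maximum length (the page gives a minimum of 1 everywhere)
FEED_STRINGS = {"domain": 127, "proxy-host": 255, "proxy-username": 127,
                "secret-string": 127, "server": 255, "user-tag": 127, "uuid": 64}
LIST_STRINGS = {"name": 63, "user-tag": 127, "uuid": 64}
FEED_DEFAULTS = {"enable": 0, "log-level": "warning", "proxy-auth-type": "ntlm",
                 "rtu-update-disable": 0, "use-mgmt-port": 0, "proxy-password": 0,
                 **{k: v[2] for k, v in FEED_RANGES.items() if v[2] is not None}}


def _is_bool(val: Any) -> bool:
    # bool is a subclass of int, so this accepts exactly true/false/1/0
    return isinstance(val, int) and val in (0, 1)


def _check_strings(obj: Dict[str, Any], limits: Dict[str, int], errors: List[str]) -> None:
    for key, maxlen in limits.items():
        if key in obj:
            val = obj[key]
            if not isinstance(val, str) or not 1 <= len(val) <= maxlen:
                errors.append(f"{key}: must be a string of 1-{maxlen} characters")


def validate_threat_list(entry: Dict[str, Any]) -> List[str]:
    """Constraint violations in one threat-list-list element ([] when valid)."""
    errors: List[str] = []
    if "name" not in entry:
        errors.append("name: required key is missing")
    if entry.get("type", "webroot") != "webroot":
        errors.append("type: only 'webroot' is supported")
    _check_strings(entry, LIST_STRINGS, errors)
    for key in ["all-categories"] + CATEGORIES:
        if key in entry and not _is_bool(entry[key]):
            errors.append(f"{key}: supported values are true, false, 1, 0")
    if entry.get("all-categories"):
        clash = [c for c in CATEGORIES if entry.get(c)]
        if clash:
            errors.append("all-categories is mutually exclusive with: " + ", ".join(clash))
    return errors


def enabled_categories(entry: Dict[str, Any]) -> List[str]:
    """Categories a valid threat-list element matches on (every flag defaults to 0)."""
    if entry.get("all-categories"):
        return list(CATEGORIES)
    return [c for c in CATEGORIES if entry.get(c)]


def validate_threat_feed(entry: Dict[str, Any]) -> List[str]:
    """Constraint violations in one threat-feed-list element ([] when valid)."""
    errors: List[str] = []
    if entry.get("type", "webroot") != "webroot":
        errors.append("type: only 'webroot' is supported")
    if "encrypted" in entry:
        # the page says this A10-reserved key must never be set by hand
        errors.append("encrypted: reserved keyword, do not set manually")
    _check_strings(entry, FEED_STRINGS, errors)
    for key, (low, high, _) in FEED_RANGES.items():
        if key in entry:
            val = entry[key]
            if isinstance(val, bool) or not isinstance(val, int) or not low <= val <= high:
                errors.append(f"{key}: must be a number in {low}-{high}")
    if entry.get("log-level", "warning") not in LOG_LEVELS:
        errors.append("log-level: supported values are " + ", ".join(LOG_LEVELS))
    if entry.get("proxy-auth-type", "ntlm") not in AUTH_TYPES:
        errors.append("proxy-auth-type: supported values are ntlm, basic")
    for key in ("enable", "rtu-update-disable", "use-mgmt-port", "proxy-password"):
        if key in entry and not _is_bool(entry[key]):
            errors.append(f"{key}: supported values are true, false, 1, 0")
    return errors


def with_defaults(entry: Dict[str, Any]) -> Dict[str, Any]:
    """threat-feed-list element with the page's documented defaults filled in."""
    return {**FEED_DEFAULTS, **entry}


if __name__ == "__main__":
    # constructed sample shaped like a GET /axapi/v3/threat-intel response body
    sample = {"threat-intel": {
        "threat-feed-list": [{"type": "webroot", "server": "feed.example.test", "log-level": "info"}],
        "threat-list-list": [{"name": "edge-block", "type": "webroot", "all-categories": 1, "botnets": 1}],
    }}
    for feed in sample["threat-intel"]["threat-feed-list"]:
        print("feed:", validate_threat_feed(feed) or "ok", "effective:", with_defaults(feed))
    for tl in sample["threat-intel"]["threat-list-list"]:
        print(tl["name"] + ":", validate_threat_list(tl) or "ok", enabled_categories(tl))
```

Run against the constructed sample, the feed entry passes and comes back with port 443, server-timeout 15 and update-interval 120 filled in, while the threat-list entry is rejected because all-categories is set alongside botnets. The validator treats a missing proxy-port as acceptable because the page gives it no default, and it deliberately does not check relationships the page does not state (for example between proxy-host and proxy-username).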
webroot-ip-category
Specification Type: object
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character