threat-intel threat-list
Threat Categories for malicious IPs
threat-list Specification
Parameter | Value
---|---
Type | Collection
Object Key(s) | name
Collection Name | threat-list-list
Collection URI | /axapi/v3/threat-intel/threat-list
Element Name | threat-list
Element URI | /axapi/v3/threat-intel/threat-list/{name}
Element Attributes | threat-list_attributes
Partition Visibility | shared
Statistics Data URI | /axapi/v3/threat-intel/threat-list/{name}/stats
Schema | threat-list schema
Operations Allowed:
Operation | Method | URI | Payload |
---|---|---|---|
Create Object | POST | /axapi/v3/threat-intel/threat-list | |
Create List | POST | /axapi/v3/threat-intel/threat-list | |
Get Object | GET | /axapi/v3/threat-intel/threat-list/{name} | |
Get List | GET | /axapi/v3/threat-intel/threat-list | |
Modify Object | POST | /axapi/v3/threat-intel/threat-list/{name} | |
Replace Object | PUT | /axapi/v3/threat-intel/threat-list/{name} | |
Replace List | PUT | /axapi/v3/threat-intel/threat-list | |
Delete Object | DELETE | /axapi/v3/threat-intel/threat-list/{name} | |
threat-list-list
threat-list-list is a JSON list of threat-list attributes
threat-list-list : [
]
threat-list attributes
all-categories
Description Enable all categories
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: all-categories, spam-sources, windows-exploits, web-attacks, botnets, scanners, dos-attacks, reputation, phishing, proxy, mobile-threats, and tor-proxy are mutually exclusive
botnets
Description Botnet C&C channels and infected zombie machines controlled by a bot master
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: botnets and all-categories are mutually exclusive
dos-attacks
Description IPs participating in DoS, DDoS, anomalous SYN flood, and anomalous traffic detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: dos-attacks and all-categories are mutually exclusive
mobile-threats
Description IPs associated with mobile threats
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: mobile-threats and all-categories are mutually exclusive
name
Description Threat category List name
Type: string
Maximum Length: 63 characters
Minimum Length: 1 character
phishing
Description IP addresses hosting phishing sites, ad click fraud or gaming fraud
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: phishing and all-categories are mutually exclusive
proxy
Description IP addresses providing proxy services
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: proxy and all-categories are mutually exclusive
reputation
Description IP addresses currently known to be infected with malware
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: reputation and all-categories are mutually exclusive
sampling-enable
Type: List
scanners
Description IPs associated with probes, host scans, domain scans, and password brute-force attacks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: scanners and all-categories are mutually exclusive
spam-sources
Description IPs tunneling spam messages through a proxy, anomalous SMTP activities, and forum spam activities
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: spam-sources and all-categories are mutually exclusive
tor-proxy
Description IPs providing Tor proxy services
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: tor-proxy and all-categories are mutually exclusive
type
Description ‘webroot’: Configure Webroot threat categories;
Type: string
Supported Values: webroot
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
web-attacks
Description IPs associated with cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute fo
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: web-attacks and all-categories are mutually exclusive
windows-exploits
Description IPs associated with malware, shell code, rootkits, worms or viruses
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: windows-exploits and all-categories are mutually exclusive
sampling-enable
Specification | Value
---|---
Type | list
Block object keys | counters1
counters1
Description ‘all’: all; ‘spam-sources’: Hits for spam sources; ‘windows-exploits’: Hits for windows exploits; ‘web-attacks’: Hits for web attacks; ‘botnets’: Hits for botnets; ‘scanners’: Hits for scanners; ‘dos-attacks’: Hits for dos attacks; ‘reputation’: Hits for reputation; ‘phishing’: Hits for phishing; ‘proxy’: Hits for proxy; ‘mobile-threats’: Hits for mobile threats; ‘tor-proxy’: Hits for tor-proxy; ‘total-hits’: Total hits for threat-list;
Type: string
Supported Values: all, spam-sources, windows-exploits, web-attacks, botnets, scanners, dos-attacks, reputation, phishing, proxy, mobile-threats, tor-proxy, total-hits
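
A client-side check of the constraints listed above before a threat-list is created, as an added example that is not part of the vendor documentation: it enforces the name length, the all-categories mutual exclusion and the counters1 values, then builds the body for a POST to the collection URI. The function name, the sample list name and the `{"threat-list": {...}}` wrapper (derived from the Element Name) are assumptions.

```python
import json

# Category flags and counter names copied from the attribute list above.
CATEGORIES = {
    "spam-sources", "windows-exploits", "web-attacks", "botnets", "scanners",
    "dos-attacks", "reputation", "phishing", "proxy", "mobile-threats",
    "tor-proxy",
}
COUNTERS = CATEGORIES | {"all", "total-hits"}
COLLECTION_URI = "/axapi/v3/threat-intel/threat-list"


def build_threat_list(name, categories=(), all_categories=False, counters=()):
    """Return (uri, json_body) for a Create Object POST, or raise ValueError."""
    if not isinstance(name, str) or not 1 <= len(name) <= 63:
        raise ValueError("name must be a string of 1 to 63 characters")
    chosen = set(categories)
    unknown = chosen - CATEGORIES
    if unknown:
        raise ValueError(f"unknown categories: {sorted(unknown)}")
    if all_categories and chosen:
        # all-categories is mutually exclusive with every individual flag.
        raise ValueError("all-categories cannot be combined with: "
                         + ", ".join(sorted(chosen)))
    bad = set(counters) - COUNTERS
    if bad:
        raise ValueError(f"unknown counters1 values: {sorted(bad)}")

    obj = {"name": name, "type": "webroot"}
    if all_categories:
        obj["all-categories"] = 1
    for cat in sorted(chosen):
        obj[cat] = 1
    if counters:
        obj["sampling-enable"] = [{"counters1": c} for c in counters]
    # Assumption: the body is wrapped in the element name "threat-list".
    return COLLECTION_URI, json.dumps({"threat-list": obj}, sort_keys=True)


if __name__ == "__main__":
    # "edge-block" is a constructed sample name, not taken from the page.
    uri, body = build_threat_list("edge-block", ["botnets", "tor-proxy"],
                                  counters=["botnets", "total-hits"])
    print("POST", uri)
    print(body)
```

Rejecting a conflicting selection before the request is sent keeps a blocklist policy from silently failing to deploy when the device refuses the object.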