{ "id":"/axapi/v3/threat-intel", "type":"object", "node-type":"intermediate", "title":"threat-intel", "operation-not-allowed": ["PUT", "POST", "DELETE"], "partition-visibility":"shared", "description":"Threat Intelligence module", "properties":{ "threat-feed-list":{ "type":"array", "minItems":1, "items":{ "type":"threat-feed" }, "uniqueItems":true, "$ref":"/axapi/v3/threat-intel/threat-feed/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'webroot': Configure Webroot module options; ", "enum":[ "webroot" ], "optional":false }, "server":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server IP or Hostname", "optional":true }, "port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":443, "partition-visibility":"shared", "description":"Port to query server(default 443)", "optional":true }, "server-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":30, "default":15, "partition-visibility":"shared", "description":"Server Timeout in seconds (default: 15s)", "optional":true }, "rtu-update-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disables real time updates(default enable)", "optional":true }, "update-interval":{ "type":"number", "format":"number", "minimum":10, "maximum":14400, "default":120, "partition-visibility":"shared", "description":"Interval to check for database or RTU updates(default 120 mins)", "optional":true }, "use-mgmt-port":{ "type":"number", "format":"flag", "plat-neg-list":["softax-aws"], "default":0, "partition-visibility":"shared", "description":"Use management interface for all communication with threat-intel server", "optional":true }, "log-level":{ "type":"string", "format":"enum", "default":"warning", "partition-visibility":"shared", "description":"'disable': Disable all logging; 'error': Log 
error events; 'warning': Log warning events and above; 'info': Log info events and above; 'debug': Log debug events and above; 'trace': enable all logs; ", "enum":[ "disable", "error", "warning", "info", "debug", "trace" ], "optional":true }, "proxy-host":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Proxy server hostname or IP address", "optional":true }, "proxy-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port to connect on proxy server", "optional":true }, "proxy-auth-type":{ "type":"string", "format":"enum", "default":"ntlm", "partition-visibility":"shared", "description":"'ntlm': NTLM authentication(default); 'basic': Basic authentication; ", "enum":[ "ntlm", "basic" ], "optional":true }, "domain":{ "type":"string", "format":"string", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Realm for NTLM authentication", "optional":true }, "proxy-username":{ "type":"string", "format":"string", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Username for proxy authentication", "optional":true }, "proxy-password":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Password for proxy authentication", "optional":true }, "secret-string":{ "type":"string", "format":"password", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"password value", "optional":true }, "encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) 
(The ENCRYPTED secret string)", "optional":true }, "enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable module", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] }, "threat-list-list":{ "type":"array", "minItems":1, "items":{ "type":"threat-list" }, "uniqueItems":true, "$ref":"/axapi/v3/threat-intel/threat-list/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Threat category List name", "optional":false }, "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'webroot': Configure Webroot threat categories; ", "enum":[ "webroot" ], "optional":true }, "all-categories":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "spam-sources", "windows-exploits", "web-attacks", "botnets", "scanners", "dos-attacks", "reputation", "phishing", "proxy", "mobile-threats", "tor-proxy" ], "description":"Enable all categories", "optional":true }, "spam-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"all-categories", "description":"IP's tunneling spam messages through a proxy, anomalous SMTP activities, and forum spam activities", "optional":true }, "windows-exploits":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"all-categories", "description":"IP's associated with malware, shell code, rootkits, worms or viruses", "optional":true }, "web-attacks":{ "type":"number", "format":"flag", "default":0, 
"partition-visibility":"shared", "not":"all-categories", "description":"IP's associated with cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force attack", "optional":true }, "botnets":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"all-categories", "description":"Botnet C&C channels, and infected zombie machines controlled by Bot master", "optional":true }, "scanners":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"all-categories", "description":"IP's associated with probes, host scan, domain scan, and password brute force attack", "optional":true }, "dos-attacks":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"all-categories", "description":"IP's participating in DOS, DDOS, anomalous SYN flood, and anomalous traffic detection", "optional":true }, "reputation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"all-categories", "description":"IP addresses currently known to be infected with malware", "optional":true }, "phishing":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"all-categories", "description":"IP addresses hosting phishing sites, ad click fraud or gaming fraud", "optional":true }, "proxy":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"all-categories", "description":"IP addresses providing proxy services", "optional":true }, "mobile-threats":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"all-categories", "description":"IP's associated with mobile threats", "optional":true }, "tor-proxy":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"all-categories", "description":"IP's providing tor proxy services", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, 
"maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'spam-sources': Hits for spam sources; 'windows-exploits': Hits for windows exploits; 'web-attacks': Hits for web attacks; 'botnets': Hits for botnets; 'scanners': Hits for scanners; 'dos-attacks': Hits for dos attacks; 'reputation': Hits for reputation; 'phishing': Hits for phishing; 'proxy': Hits for proxy; 'mobile-threats': Hits for mobile threats; 'tor-proxy': Hits for tor-proxy; 'total-hits': Total hits for threat-list; ", "enum":[ "all", "spam-sources", "windows-exploits", "web-attacks", "botnets", "scanners", "dos-attacks", "reputation", "phishing", "proxy", "mobile-threats", "tor-proxy", "total-hits" ] } } } ] } }, "required":[ "name" ] } ] }, "webroot-global":{ "type":"object", "$ref":"/axapi/v3/threat-intel/webroot-global", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'spam-sources': Hits for spam sources; 'windows-exploits': Hits for windows exploits; 'web-attacks': Hits for web attacks; 'botnets': Hits for botnets; 'scanners': Hits for scanners; 'dos-attacks': Hits for dos attacks; 'reputation': Hits for reputation; 'phishing': Hits for phishing; 'proxy': Hits for 
proxy; 'mobile-threats': Hits for mobile threats; 'tor-proxy': Hits for tor-proxy; 'rtu-lookup': Number of lookups in RTU cache; 'database-lookup': Number of lookups in database; 'non-malicious-ips': IP's not found in database or RTU cache; ", "enum":[ "all", "spam-sources", "windows-exploits", "web-attacks", "botnets", "scanners", "dos-attacks", "reputation", "phishing", "proxy", "mobile-threats", "tor-proxy", "rtu-lookup", "database-lookup", "non-malicious-ips" ] } } } ] } } }, "webroot-ip-category":{ "type":"object", "$ref":"/axapi/v3/threat-intel/webroot-ip-category", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "webroot-database":{ "type":"object", "$ref":"/axapi/v3/threat-intel/webroot-database", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "webroot-log":{ "type":"object", "$ref":"/axapi/v3/threat-intel/webroot-log", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }