.. _threat_intel:

threat-intel
============

Threat Intelligence module

threat-intel Specification
--------------------------

==========================  ========================================
**Parameter**               **Value**
==========================  ========================================
**Type**                    *Intermediate Resource*
**Element Name**            threat-intel
**Element URI**             /axapi/v3/threat-intel
**Element Attributes**      threat-intel_attributes
**Partition Visibility**    shared
**Schema**                  threat-intel schema
==========================  ========================================

**Operations Allowed:**

===============  ==========  ==========================  ========================
**Operation**    **Method**  **URI**                     **Payload**
===============  ==========  ==========================  ========================
Get Object       GET         /axapi/v3/threat-intel      threat-intel_attributes
===============  ==========  ==========================  ========================

.. _3508_threat-intel_attributes:

threat-intel attributes
-----------------------

**threat-feed-list**

    **Type:** List

    **Reference Object:** :doc:`/axapi/v3/threat-intel/threat-feed/{type}`

**threat-list-list**

    **Type:** List

    **Reference Object:** :doc:`/axapi/v3/threat-intel/threat-list/{name}`

**webroot-database**

    **Description:** webroot-database is a **JSON Block**. Please see below for :ref:`3508_webroot-database`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/threat-intel/webroot-database`

**webroot-global**

    **Description:** webroot-global is a **JSON Block**. Please see below for :ref:`3508_webroot-global`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/threat-intel/webroot-global`

**webroot-ip-category**

    **Description:** webroot-ip-category is a **JSON Block**. Please see below for :ref:`3508_webroot-ip-category`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/threat-intel/webroot-ip-category`

**webroot-log**

    **Description:** webroot-log is a **JSON Block**. Please see below for :ref:`3508_webroot-log`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/threat-intel/webroot-log`

.. _3508_threat-list-list:

threat-list-list
^^^^^^^^^^^^^^^^

======================  ==================
**Specification**       **Value**
======================  ==================
**Type**                *list*
**Block object keys**
======================  ==================

**all-categories**

    **Description:** Enable all categories

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** all-categories, spam-sources, windows-exploits, web-attacks, botnets, scanners, dos-attacks, reputation, phishing, proxy, mobile-threats, and tor-proxy are mutually exclusive

**botnets**

    **Description:** Botnet C&C channels, and infected zombie machines controlled by a bot master

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** botnets and all-categories are mutually exclusive

**dos-attacks**

    **Description:** IPs participating in DoS, DDoS, anomalous SYN flood, and anomalous traffic detection

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** dos-attacks and all-categories are mutually exclusive

**mobile-threats**

    **Description:** IPs associated with mobile threats

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** mobile-threats and all-categories are mutually exclusive

**name**

    **Description:** Threat category list name

    **Type:** string

    **Maximum Length:** 63 characters

    **Minimum Length:** 1 character

**phishing**

    **Description:** IP addresses hosting phishing sites, ad click fraud or gaming fraud

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** phishing and all-categories are mutually exclusive

**proxy**

    **Description:** IP addresses providing proxy services

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** proxy and all-categories are mutually exclusive

**reputation**

    **Description:** IP addresses currently known to be infected with malware

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** reputation and all-categories are mutually exclusive

**sampling-enable**

    **Type:** List

**scanners**

    **Description:** IPs associated with probes, host scans, domain scans, and password brute-force attacks

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** scanners and all-categories are mutually exclusive

**spam-sources**

    **Description:** IPs tunneling spam messages through a proxy, anomalous SMTP activity, and forum spam activity

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** spam-sources and all-categories are mutually exclusive

**tor-proxy**

    **Description:** IPs providing Tor proxy services

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** tor-proxy and all-categories are mutually exclusive

**type**

    **Description:** 'webroot': Configure Webroot threat categories

    **Type:** string

    **Supported Values:** webroot

**user-tag**

    **Description:** Customized tag

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Minimum Length:** 1 character

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Minimum Length:** 1 character

**web-attacks**

    **Description:** IPs associated with cross-site scripting, iFrame injection, SQL injection, cross-domain injection, or domain password brute fo

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** web-attacks and all-categories are mutually exclusive

**windows-exploits**

    **Description:** IPs associated with malware, shellcode, rootkits, worms or viruses

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** windows-exploits and all-categories are mutually exclusive

.. _3508_threat-list-list_sampling-enable:

threat-list-list_sampling-enable
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

======================  ==================
**Specification**       **Value**
======================  ==================
**Type**                *list*
**Block object keys**
======================  ==================

**counters1**

    **Description:** 'all': all; 'spam-sources': Hits for spam sources; 'windows-exploits': Hits for windows exploits; 'web-attacks': Hits for web attacks; 'botnets': Hits for botnets; 'scanners': Hits for scanners; 'dos-attacks': Hits for dos attacks; 'reputation': Hits for reputation; 'phishing': Hits for phishing; 'proxy': Hits for proxy; 'mobile-threats': Hits for mobile threats; 'tor-proxy': Hits for tor-proxy; 'total-hits': Total hits for threat-list

    **Type:** string

    **Supported Values:** all, spam-sources, windows-exploits, web-attacks, botnets, scanners, dos-attacks, reputation, phishing, proxy, mobile-threats, tor-proxy, total-hits

.. _3508_webroot-log:

webroot-log
^^^^^^^^^^^

======================  ==================
**Specification**       **Value**
======================  ==================
**Type**                *object*
======================  ==================

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Minimum Length:** 1 character

.. _3508_webroot-global:

webroot-global
^^^^^^^^^^^^^^

======================  ==================
**Specification**       **Value**
======================  ==================
**Type**                *object*
======================  ==================

**sampling-enable**

    **Type:** List

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Minimum Length:** 1 character

.. _3508_webroot-global_sampling-enable:

webroot-global_sampling-enable
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

======================  ==================
**Specification**       **Value**
======================  ==================
**Type**                *list*
**Block object keys**
======================  ==================

**counters1**

    **Description:** 'all': all; 'spam-sources': Hits for spam sources; 'windows-exploits': Hits for windows exploits; 'web-attacks': Hits for web attacks; 'botnets': Hits for botnets; 'scanners': Hits for scanners; 'dos-attacks': Hits for dos attacks; 'reputation': Hits for reputation; 'phishing': Hits for phishing; 'proxy': Hits for proxy; 'mobile-threats': Hits for mobile threats; 'tor-proxy': Hits for tor-proxy; 'rtu-lookup': Number of lookups in RTU cache; 'database-lookup': Number of lookups in database; 'non-malicious-ips': IPs not found in database or RTU cache

    **Type:** string

    **Supported Values:** all, spam-sources, windows-exploits, web-attacks, botnets, scanners, dos-attacks, reputation, phishing, proxy, mobile-threats, tor-proxy, rtu-lookup, database-lookup, non-malicious-ips

.. _3508_webroot-database:

webroot-database
^^^^^^^^^^^^^^^^

======================  ==================
**Specification**       **Value**
======================  ==================
**Type**                *object*
======================  ==================

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Minimum Length:** 1 character

.. _3508_threat-feed-list:

threat-feed-list
^^^^^^^^^^^^^^^^

======================  ==================
**Specification**       **Value**
======================  ==================
**Type**                *list*
**Block object keys**
======================  ==================

**domain**

    **Description:** Realm for NTLM authentication

    **Type:** string

    **Maximum Length:** 127 characters

    **Minimum Length:** 1 character

**enable**

    **Description:** Enable module

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**encrypted**

    **Description:** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

**log-level**

    **Description:** 'disable': Disable all logging; 'error': Log error events; 'warning': Log warning events and above; 'info': Log info events and above; 'debug': Log debug events and above; 'trace': Enable all logs

    **Type:** string

    **Supported Values:** disable, error, warning, info, debug, trace

    **Default:** warning

**port**

    **Description:** Port to query server (default 443)

    **Type:** number

    **Range:** 1-65535

    **Default:** 443

**proxy-auth-type**

    **Description:** 'ntlm': NTLM authentication (default); 'basic': Basic authentication

    **Type:** string

    **Supported Values:** ntlm, basic

    **Default:** ntlm

**proxy-host**

    **Description:** Proxy server hostname or IP address

    **Type:** string

    **Maximum Length:** 255 characters

    **Minimum Length:** 1 character

**proxy-password**

    **Description:** Password for proxy authentication

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**proxy-port**

    **Description:** Port to connect on proxy server

    **Type:** number

    **Range:** 1-65535

**proxy-username**

    **Description:** Username for proxy authentication

    **Type:** string

    **Maximum Length:** 127 characters

    **Minimum Length:** 1 character

**rtu-update-disable**

    **Description:** Disables real-time updates (default: enabled)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**secret-string**

    **Description:** Password value

    **Type:** string

    **Format:** password

    **Maximum Length:** 127 characters

    **Minimum Length:** 1 character

**server**

    **Description:** Server IP or hostname

    **Type:** string

    **Maximum Length:** 255 characters

    **Minimum Length:** 1 character

**server-timeout**

    **Description:** Server timeout in seconds (default: 15s)

    **Type:** number

    **Range:** 1-30

    **Default:** 15

**type**

    **Description:** 'webroot': Configure Webroot module options

    **Type:** string

    **Supported Values:** webroot

**update-interval**

    **Description:** Interval to check for database or RTU updates (default 120 mins)

    **Type:** number

    **Range:** 10-14400

    **Default:** 120

**use-mgmt-port**

    **Description:** Use management interface for all communication with threat-intel server

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**user-tag**

    **Description:** Customized tag

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Minimum Length:** 1 character

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Minimum Length:** 1 character

.. _3508_webroot-ip-category:

webroot-ip-category
^^^^^^^^^^^^^^^^^^^

======================  ==================
**Specification**       **Value**
======================  ==================
**Type**                *object*
======================  ==================

**uuid**

    **Description:** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Minimum Length:** 1 character
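As an added example (not part of the A10 documentation or the aXAPI itself), the following Python checks a threat-list entry and a threat-feed entry against the constraints listed on this page (mutual exclusion with all-categories, name and server lengths, numeric ranges, enumerated values, and the reserved ``encrypted`` keyword) before the object is sent to the device. The field names come from this page; the check logic and the sample inputs are constructed here.

```python
THREAT_CATEGORIES = (
    "spam-sources", "windows-exploits", "web-attacks", "botnets", "scanners",
    "dos-attacks", "reputation", "phishing", "proxy", "mobile-threats", "tor-proxy",
)
LOG_LEVELS = ("disable", "error", "warning", "info", "debug", "trace")


def _is_on(value):
    # aXAPI booleans accept true/false/1/0; treat true and 1 as "set"
    return value in (True, 1)


def validate_threat_list(obj):
    """Return the list of constraint violations for one threat-list entry."""
    errors = []
    if not 1 <= len(obj.get("name", "")) <= 63:
        errors.append("name must be 1-63 characters")
    if obj.get("type") != "webroot":
        errors.append("type must be 'webroot'")
    for key in ("all-categories",) + THREAT_CATEGORIES:
        if key in obj and obj[key] not in (True, False, 1, 0):
            errors.append(f"{key} must be true/false/1/0")
    # all-categories is mutually exclusive with every individual category
    if _is_on(obj.get("all-categories", 0)):
        for key in THREAT_CATEGORIES:
            if _is_on(obj.get(key, 0)):
                errors.append(f"all-categories and {key} are mutually exclusive")
    return errors


def validate_threat_feed(obj):
    """Return the list of constraint violations for one threat-feed entry."""
    errors = []
    if obj.get("type") != "webroot":
        errors.append("type must be 'webroot'")
    if not 1 <= len(obj.get("server", "")) <= 255:
        errors.append("server must be 1-255 characters")
    ranges = {"port": (1, 65535), "proxy-port": (1, 65535),
              "server-timeout": (1, 30), "update-interval": (10, 14400)}
    for key, (lo, hi) in ranges.items():
        if key in obj and not lo <= obj[key] <= hi:
            errors.append(f"{key} must be in {lo}-{hi}")
    if obj.get("log-level", "warning") not in LOG_LEVELS:
        errors.append("log-level must be one of " + ", ".join(LOG_LEVELS))
    if obj.get("proxy-auth-type", "ntlm") not in ("ntlm", "basic"):
        errors.append("proxy-auth-type must be 'ntlm' or 'basic'")
    if "encrypted" in obj:  # reserved keyword: the page says never to set it by hand
        errors.append("encrypted is an A10 reserved keyword; set secret-string instead")
    return errors
```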