.. _threat_intel_threat_list:

threat-intel threat-list
========================

Threat Categories for malicious IPs

threat-list Specification
-------------------------

=====================================  ========================================================================
**Parameter**                          **Value**
=====================================  ========================================================================
**Type**                               *Collection*
**Object Key(s)**                      *name*
**Collection Name**                    :ref:`3499_threat-list_list`
**Collection URI**                     /axapi/v3/threat-intel/threat-list
**Element Name**                       threat-list
**Element URI**                        /axapi/v3/threat-intel/threat-list/{name}
**Element Attributes**                 threat-list_attributes
**Partition Visibility**               shared
**Statistics Data URI**                /axapi/v3/threat-intel/threat-list/{name}/stats
**Schema**                             :download:`threat-list schema `
=====================================  ========================================================================

**Operations Allowed:**

==============  ==========  ==========================================  ==================================
**Operation**   **Method**  **URI**                                     **Payload**
==============  ==========  ==========================================  ==================================
Create Object   POST        /axapi/v3/threat-intel/threat-list          :ref:`3499_threat-list_attributes`
Create List     POST        /axapi/v3/threat-intel/threat-list          :ref:`3499_threat-list_attributes`
Get Object      GET         /axapi/v3/threat-intel/threat-list/{name}   :ref:`3499_threat-list_attributes`
Get List        GET         /axapi/v3/threat-intel/threat-list          :ref:`3499_threat-list_list`
Modify Object   POST        /axapi/v3/threat-intel/threat-list/{name}   :ref:`3499_threat-list_attributes`
Replace Object  PUT         /axapi/v3/threat-intel/threat-list/{name}   :ref:`3499_threat-list_attributes`
Replace List    PUT         /axapi/v3/threat-intel/threat-list          :ref:`3499_threat-list_list`
Delete Object   DELETE      /axapi/v3/threat-intel/threat-list/{name}   :ref:`3499_threat-list_attributes`
==============  ==========  ==========================================  ==================================

.. _3499_threat-list_list:

threat-list-list
----------------

threat-list-list is a **JSON List** of :ref:`3499_threat-list_attributes`

threat-list-list : [ { :ref:`3499_threat-list_attributes` }, { :ref:`3499_threat-list_attributes` }, ... ]

.. _3499_threat-list_attributes:

threat-list attributes
----------------------

**all-categories**
    | **Description** Enable all categories
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** all-categories, spam-sources, windows-exploits, web-attacks, botnets, scanners, dos-attacks, reputation, phishing, proxy, mobile-threats, and tor-proxy are mutually exclusive

**botnets**
    | **Description** Botnet C&C channels, and infected zombie machines controlled by Bot master
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** botnets and all-categories are mutually exclusive

**dos-attacks**
    | **Description** IPs participating in DOS, DDOS, anomalous sync flood, and anomalous traffic detection
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** dos-attacks and all-categories are mutually exclusive

**mobile-threats**
    | **Description** IPs associated with mobile threats
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** mobile-threats and all-categories are mutually exclusive

**name**
    | **Description** Threat category List name
    | **Type:** string
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

**phishing**
    | **Description** IP addresses hosting phishing sites, ad click fraud or gaming fraud
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** phishing and all-categories are mutually exclusive

**proxy**
    | **Description** IP addresses providing proxy services
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** proxy and all-categories are mutually exclusive

**reputation**
    | **Description** IP addresses currently known to be infected with malware
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** reputation and all-categories are mutually exclusive

**sampling-enable**
    | **Type:** List

**scanners**
    | **Description** IPs associated with probes, host scan, domain scan, and password brute force attack
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** scanners and all-categories are mutually exclusive

**spam-sources**
    | **Description** IPs tunneling spam messages through a proxy, anomalous SMTP activities, and forum spam activities
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** spam-sources and all-categories are mutually exclusive

**tor-proxy**
    | **Description** IPs providing tor proxy services
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** tor-proxy and all-categories are mutually exclusive

**type**
    | **Description** 'webroot': Configure Webroot threat categories;
    | **Type:** string
    | **Supported Values:** webroot

**user-tag**
    | **Description** Customized tag
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 127 characters
    | **Maximum Length:** 1 characters

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

**web-attacks**
    | **Description** IPs associated with cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute fo
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** web-attacks and all-categories are mutually exclusive

**windows-exploits**
    | **Description** IPs associated with malware, shell code, rootkits, worms or viruses
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** windows-exploits and all-categories are mutually exclusive

.. _3499_sampling-enable:

sampling-enable
^^^^^^^^^^^^^^^

===============================  ===================================================
**Specification**                **Value**
===============================  ===================================================
**Type**                         *list*
**Block object keys**
===============================  ===================================================

**counters1**
    | **Description** 'all': all; 'spam-sources': Hits for spam sources; 'windows-exploits': Hits for windows exploits; 'web-attacks': Hits for web attacks; 'botnets': Hits for botnets; 'scanners': Hits for scanners; 'dos-attacks': Hits for dos attacks; 'reputation': Hits for reputation; 'phishing': Hits for phishing; 'proxy': Hits for proxy; 'mobile-threats': Hits for mobile threats; 'tor-proxy': Hits for tor-proxy; 'total-hits': Total hits for threat-list;
    | **Type:** string
    | **Supported Values:** all, spam-sources, windows-exploits, web-attacks, botnets, scanners, dos-attacks, reputation, phishing, proxy, mobile-threats, tor-proxy, total-hits
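
The attribute constraints in this reference (name length, the single supported type, and the mutual exclusion between all-categories and the individual category flags) can be checked offline before a threat-list object is sent to the collection URI. The Python below is an added example, not part of the original reference or of the vendor's code. Its function names, the reading of the second "Maximum Length: 1" entry as a minimum length, and the wrapping of the body under the element name ``threat-list`` are assumptions.

```python
import json

# Attribute names and limits are taken from the threat-list attributes reference.
CATEGORIES = frozenset({
    "spam-sources", "windows-exploits", "web-attacks", "botnets", "scanners",
    "dos-attacks", "reputation", "phishing", "proxy", "mobile-threats",
    "tor-proxy",
})
FLAGS = CATEGORIES | {"all-categories"}
KNOWN = FLAGS | {"name", "type", "user-tag", "uuid", "sampling-enable"}


def _is_on(value):
    # Booleans accept true, false, 1, 0; only true/1 enable the flag.
    return value is True or (type(value) is int and value == 1)


def violations(obj):
    """Return rule violations for one threat-list object ([] means valid)."""
    problems = []
    name = obj.get("name")
    # Assumption: the page's second "Maximum Length: 1" is the minimum length.
    if not isinstance(name, str) or not 1 <= len(name) <= 63:
        problems.append("name: required string of 1-63 characters")
    if "type" in obj and obj["type"] != "webroot":
        problems.append("type: only 'webroot' is supported")
    tag = obj.get("user-tag")
    if tag is not None and not (isinstance(tag, str) and 1 <= len(tag) <= 127):
        problems.append("user-tag: string of 1-127 characters")
    for key in sorted(k for k in FLAGS if k in obj):
        if type(obj[key]) not in (bool, int) or obj[key] not in (0, 1):
            problems.append(f"{key}: must be true, false, 1 or 0")
    enabled = sorted(c for c in CATEGORIES if _is_on(obj.get(c)))
    if _is_on(obj.get("all-categories")) and enabled:
        problems.append("all-categories: mutually exclusive with " + ", ".join(enabled))
    for key in sorted(set(obj) - KNOWN):
        problems.append(f"{key}: not a threat-list attribute")
    return problems


def request_body(obj):
    """Serialize a validated object for POST /axapi/v3/threat-intel/threat-list."""
    found = violations(obj)
    if found:
        raise ValueError("; ".join(found))
    # Assumption: the body is wrapped under the element name "threat-list".
    return json.dumps({"threat-list": obj}, sort_keys=True)
```

Running ``violations`` over threat-list objects kept in version control catches a list that sets all-categories together with individual flags before the device has to reject it.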