Home
HomeDocumentation and Guides
Home

IP Libraries Endpoint

The IP Libraries endpoint enables access to the Suspicious IP Collection and the Trusted IP Collection. These collections are stored in the Cisco Cloudlock application by an organization.

Suspicious IP Collection

Suspicious IP Collection [/ip/suspicious]
This describes Cloudlock's Suspicious IP library API features. This is an API enabling interaction with the contents of an organization's Suspicious IP Library stored in the Cisco Cloudlock application.

Fields

namestringLibrary item name"Dangerous IP"
descriptionstringLibrary item description"Suspicious location"
ip_addressstringIP address in library"172.255.255.0"
locationstringitem location"1313 Blackbird Lane"
typestringitem type"suspicious"
categoriesstringitem categories"Locations, areas"
updated_ontimestamplast update, in UTC"2016-06-20T13:05:23.034264+00:00"
created_ontimestampcreation date, in UTC"2016-06-20T13:05:23.034264+00:00"
expires_ontimestamptime to expire item from library, in UTC"2016-06-20T13:05:23.034264+00:00"

List Entries

[GET /ip/suspicious{?q,name,offset,limit}]
Return an organizations suspicious IP feeds.

  • Parameters
  • q (string, optional) - Match string within any of: name, location, ip_address, categories
  • name (string, optional) - Match a substring within entry name
  • offset (number, optional) - Limit to specific offset index position.
  • Default: 0
  • limit (number, optional) - Limit to specific number of items.
  • Default: 50
    • Response 200 (application/json) 
"limit": 20,
  "offset": 0,
  "total": 2,
  "results": 2,
  "items": [
  {
    "pk": "6yj3gQxaqo",
    "type": "suspicious",
    "name": "Bar foo",
    "ip_address": "3.3.3.97",
    "description": "TOR network exit point",
    "categories": [ "TOR network", "Malicious" ],
    "location": "United States Fairfield",
    "updated_on": "2016-06-20T13:05:23.034264+00:00",
    "created_on": "2016-06-20T13:05:23.034264+00:00",
    "expires_on": "2017-01-02T15:52:24.677313+00:00"
  },
  {
   "pk": "EW9zMXxNBY",
   "name": "Bar Vaz",
   "description": "desc",
   "location": "United States",
   "ip_address": "4.4.3.97",
   "type": "suspicious",
   "categories": [ "a", "b", "office" ],
   "updated_on": "2016-06-20T16:51:00.548171+00:00",
   "created_on": "2016-06-20T16:51:00.548171+00:00",
   "expires_on": "2017-01-04T15:52:24.677313+00:00"
  }
]

Create Entry

Create a new entry [POST]
Create a new suspicious custom IP in an organization's library. 

{
    "name": "Bar foo",
    "description": "Lorem ipsum had a little lamb",
    "ip_address": "3.3.3.97",
    "categories": [ "foo", "bar" ],
    "expires_on": "2017-01-02T15:52:24.677313+00:00"
  }
  • Response 200 (application/json)
  • Headers 
Location: /ip/suspicious
  • Body
{
  "pk": "6yj3gQxaqo",
  "name": "Bar foo",
  "description": "Lorem ipsum had a little lamb",
  "ip_address": "69.89.31.226",
  "location": "United States Fairfield",
  "type": "suspicious",
  "categories": [ "foo", "bar" ],
  "updated_on": "2016-06-20T13:05:23.034264+00:00",
  "created_on": "2016-06-20T13:05:23.034264+00:00",
  "expires_on": "2017-01-02T15:52:24.677313+00:00"
}

Import CSV

[POST /ip/suspicious{?file}]
Use a "multipart/form-data" request to upload and import a CSV file.
Parameters + file (string, optional) - Uploaded file

  • Request (multipart/form-data) 
Type,Description,TTL,IP
Internal ELK,Jia Inc-20987,3/25/2096,192.168.1.15
Internal ELK,Jia Inc-20555,3/24/2096,192.168.7.5-192.168.7.10
SIEM,SF 00005958,,"10.136.0.11,10.45.160.1,10.152.128.155"
  • Response 200 (application/json)

Update Entry

[PUT /ip/suspicious/{id}]
Update TTL expiration date, IP address, categories, and short-description. + Parameters + id - ID of entry to update. + Request (application/json)

{
    "ip_address": "1.1.1.1",
    "expires_on": "2019-01-02T15:52:24.677313+00:00",
    "categories": [],
    "description": "Still in question"
  }
  • Attributes (object)
  • ip_address - Change IP address.
  • expires_on - Datetime to expire the ip address.
  • categories - Change categories.
  • description - Internal short description.
  • Response 200 (application/json)

Delete entries

[DELETE /ip/suspicious{?ids}]
Remove suspicious IP addresses from an organization's library.

  • Parameters + ids (comma-separated) - List of entry IDs to delete
    • Request (application/json)
  • Headers 
Location: /ip/suspicious/?ids=J83euASvnDF,6yj3gQxaqo
  • Response 200 (application/json)

Trusted IP Collection

[/ip/trusted]
This describes Cloudlock's Trusted IP library API feature. This is a an API enabling interaction with the contents of an organization's Trusted IP Library stored in the Cisco Cloudlock application.

Fields

Field NameTypeDescriptionSample Values
namestringLibrary item name"Safe IP"
descriptionstringLibrary item description"trusted"
ip_addressstringIP address in library"172.255.255.0"
locationstringitem location"Regional Office"
typestringitem type"trusted"
categoriesstringitem categories"offices, locations"
updated_ontimestamplast update, in UTC"2016-06-20T13:05:23.034264+00:00"
created_ontimestampcreation date, in UTC"2016-06-20T13:05:23.034264+00:00"

List entries

[GET /ip/trusted{?q,name,offset,limit}]
Returns an organizations trusted IP feeds.

  • Parameters
  • q (string, optional) - Match string within any of: name, location, ip_address, categories
  • name (string, optional) - Match a substring within entry name
  • offset (number, optional) - Limit to specific offset index position.
    • Default: 0
  • limit (number, optional) - Limit to specific number of items.
    • Default: 50
  • Response 200 (application/json) 
{
  "limit": 20,
  "offset": 0,
  "total": 2,
  "results": 2,
  "items": [
  {
    "pk": "7nLzJYxR5Z",
    "type": "trusted",
    "name": "Bar foo",
    "ip_address": "3.3.3.97",
    "description": "US Office",
    "categories": [ "office" ],
    "location": "United States Fairfield",
    "updated_on": "2016-06-20T13:05:23.034264+00:00",
    "created_on": "2016-06-20T13:05:23.034264+00:00"
  },
  {
   "pk": "EW9zMXxNBY",
   "name": "Bar Vaz",
   "description": "Bar",
   "location": "United States",
   "ip_address": "4.4.3.97",
   "type": "trusted",
   "categories": [ "app" ],
   "updated_on": "2016-06-20T16:51:00.548171+00:00",
   "created_on": "2016-06-20T16:51:00.548171+00:00"
  }
]

Create Entry

Create a New Entry [POST]
Create a new trusted custom IP in an organization's library.

  • Request (application/json)
{
    "name": "Bar foo",
    "description": "Lorem ipsum had a little lamb",
    "ip_address": "3.3.3.97",
    "categories": [ "app" ]
  }
  • Response 200 (application/json)
  • Headers
Location: /ip/trusted
  • Body
{
  "pk": "7nLzJYxR5Z",
  "name": "Bar foo",
  "description": "Lorem ipsum had a little lamb",
  "ip_address": "3.3.3.97",
  "location": "United States Fairfield",
  "type": "trusted",
  "categories": [ "app" ],
  "updated_on": "2016-06-20T13:05:23.034264+00:00",
  "created_on": "2016-06-20T13:05:23.034264+00:00"
}

Import CSV

[POST /ip/trusted{?file}]
Use a "multipart/form-data" request to upload and import a CSV file. + Parameters + file (string, optional) - Uploaded file

  • Request (multipart/form-data) 
Name,Description,Type,Ip
Brussel Office,Range IPs of Brussel Office,Remote office,192.168.7.5-192.168.7.10
Germany Office,Single IP of Germany Office,Remote office,192.168.15.68
Spain Office,Multiple IPs of Spain office,Remote office,"10.136.0.11,10.45.160.1,10.152.128.155"
Lucidchart,Dev tool,Remote App,198.168.1.65
  • Response 200 (application/json)

Update Entry

[PUT /ip/trusted/{id}]
Update name, ip address, categories, and short-description. + Parameters + id - ID of entry to update. + Request (application/json)

{
    "ip_address": "1.1.1.1",
    "name": "Foobar",
    "categories": ["office"],
    "description": "Still in question"
  }
  • Attributes (object)
    • ip_address - Change IP address.
  • name - Name of entry.
  • categories - Change categories.
  • description - Internal short description.
  • Response 200 (application/json)

Delete entries

[DELETE /ip/trusted{?ids}]
Remove custom organization defined trusted IPs from library. + Parameters + ids (comma-separated) - List of entry IDs to delete

  • Request (application/json)
  • Headers 
Location: /ip/trusted/?ids=7nLzJYxR5Z,6yj3gQxaqo
  • Response 200 (application/json)

Updated almost 4 years ago