IP Libraries Endpoint

The IP Libraries endpoint enables access to the Suspicious IP Collection and the Trusted IP Collection. These collections are stored in the Cisco Cloudlock application by an organization.

Suspicious IP Collection

Suspicious IP Collection [/ip/suspicious]
This describes Cloudlock's Suspicious IP library API features. This is an API enabling interaction with the contents of an organization's Suspicious IP Library stored in the Cisco Cloudlock application.

Fields

name

string

Library item name

"Dangerous IP"

description

string

Library item description

"Suspicious location"

ip_address

string

IP address in library

"172.255.255.0"

location

string

item location

"1313 Blackbird Lane"

type

string

item type

"suspicious"

categories

string

item categories

"Locations, areas"

updated_on

timestamp

last update, in UTC

"2016-06-20T13:05:23.034264+00:00"

created_on

timestamp

creation date, in UTC

"2016-06-20T13:05:23.034264+00:00"

expires_on

timestamp

time to expire item from library, in UTC

"2016-06-20T13:05:23.034264+00:00"

List Entries

[GET /ip/suspicious{?q,name,offset,limit}]
Return an organizations suspicious IP feeds.

  • Parameters
    • q (string, optional) - Match string within any of: name, location, ip_address, categories
    • name (string, optional) - Match a substring within entry name
    • offset (number, optional) - Limit to specific offset index position.
    • Default: 0
    • limit (number, optional) - Limit to specific number of items.
    • Default: 50
  • Response 200 (application/json)

  "limit": 20,
  "offset": 0,
  "total": 2,
  "results": 2,
  "items": [
  {
    "pk": "6yj3gQxaqo",
    "type": "suspicious",
    "name": "Bar foo",
    "ip_address": "3.3.3.97",
    "description": "TOR network exit point",
    "categories": [ "TOR network", "Malicious" ],
    "location": "United States Fairfield",
    "updated_on": "2016-06-20T13:05:23.034264+00:00",
    "created_on": "2016-06-20T13:05:23.034264+00:00",
    "expires_on": "2017-01-02T15:52:24.677313+00:00"
  },
  {
   "pk": "EW9zMXxNBY",
   "name": "Bar Vaz",
   "description": "desc",
   "location": "United States",
   "ip_address": "4.4.3.97",
   "type": "suspicious",
   "categories": [ "a", "b", "office" ],
   "updated_on": "2016-06-20T16:51:00.548171+00:00",
   "created_on": "2016-06-20T16:51:00.548171+00:00",
   "expires_on": "2017-01-04T15:52:24.677313+00:00"
  }
]

Create Entry

Create a new entry [POST]
Create a new suspicious custom IP in an organization's library.

{
    "name": "Bar foo",
    "description": "Lorem ipsum had a little lamb",
    "ip_address": "3.3.3.97",
    "categories": [ "foo", "bar" ],
    "expires_on": "2017-01-02T15:52:24.677313+00:00"
  }
  • Response 200 (application/json)
    • Headers
Location: /ip/suspicious
  • Body
{
  "pk": "6yj3gQxaqo",
  "name": "Bar foo",
  "description": "Lorem ipsum had a little lamb",
  "ip_address": "69.89.31.226",
  "location": "United States Fairfield",
  "type": "suspicious",
  "categories": [ "foo", "bar" ],
  "updated_on": "2016-06-20T13:05:23.034264+00:00",
  "created_on": "2016-06-20T13:05:23.034264+00:00",
  "expires_on": "2017-01-02T15:52:24.677313+00:00"
}

Import CSV

[POST /ip/suspicious{?file}]
Use a "multipart/form-data" request to upload and import a CSV file.
Parameters + file (string, optional) - Uploaded file

  • Request (multipart/form-data)
Type,Description,TTL,IP
Internal ELK,Jia Inc-20987,3/25/2096,192.168.1.15
Internal ELK,Jia Inc-20555,3/24/2096,192.168.7.5-192.168.7.10
SIEM,SF 00005958,,"10.136.0.11,10.45.160.1,10.152.128.155"
  • Response 200 (application/json)

Update Entry

[PUT /ip/suspicious/{id}]
Update TTL expiration date, IP address, categories, and short-description. + Parameters + id - ID of entry to update. + Request (application/json)

{
    "ip_address": "1.1.1.1",
    "expires_on": "2019-01-02T15:52:24.677313+00:00",
    "categories": [],
    "description": "Still in question"
  }
  • Attributes (object)
    • ip_address - Change IP address.
    • expires_on - Datetime to expire the ip address.
    • categories - Change categories.
    • description - Internal short description.
  • Response 200 (application/json)

Delete entries

[DELETE /ip/suspicious{?ids}]
Remove suspicious IP addresses from an organization's library.

  • Parameters + ids (comma-separated) - List of entry IDs to delete
    • Request (application/json)
  • Headers
Location: /ip/suspicious/?ids=J83euASvnDF,6yj3gQxaqo
  • Response 200 (application/json)

Trusted IP Collection

[/ip/trusted]
This describes Cloudlock's Trusted IP library API feature. This is a an API enabling interaction with the contents of an organization's Trusted IP Library stored in the Cisco Cloudlock application.

Fields

Field Name
Type
Description
Sample Values

name

string

Library item name

"Safe IP"

description

string

Library item description

"trusted"

ip_address

string

IP address in library

"172.255.255.0"

location

string

item location

"Regional Office"

type

string

item type

"trusted"

categories

string

item categories

"offices, locations"

updated_on

timestamp

last update, in UTC

"2016-06-20T13:05:23.034264+00:00"

created_on

timestamp

creation date, in UTC

"2016-06-20T13:05:23.034264+00:00"

List entries

[GET /ip/trusted{?q,name,offset,limit}]
Returns an organizations trusted IP feeds.

  • Parameters
    • q (string, optional) - Match string within any of: name, location, ip_address, categories
    • name (string, optional) - Match a substring within entry name
    • offset (number, optional) - Limit to specific offset index position.
    • Default: 0
    • limit (number, optional) - Limit to specific number of items.
    • Default: 50
  • Response 200 (application/json)
{
  "limit": 20,
  "offset": 0,
  "total": 2,
  "results": 2,
  "items": [
  {
    "pk": "7nLzJYxR5Z",
    "type": "trusted",
    "name": "Bar foo",
    "ip_address": "3.3.3.97",
    "description": "US Office",
    "categories": [ "office" ],
    "location": "United States Fairfield",
    "updated_on": "2016-06-20T13:05:23.034264+00:00",
    "created_on": "2016-06-20T13:05:23.034264+00:00"
  },
  {
   "pk": "EW9zMXxNBY",
   "name": "Bar Vaz",
   "description": "Bar",
   "location": "United States",
   "ip_address": "4.4.3.97",
   "type": "trusted",
   "categories": [ "app" ],
   "updated_on": "2016-06-20T16:51:00.548171+00:00",
   "created_on": "2016-06-20T16:51:00.548171+00:00"
  }
]

Create Entry

Create a New Entry [POST]
Create a new trusted custom IP in an organization's library.

  • Request (application/json)
{
    "name": "Bar foo",
    "description": "Lorem ipsum had a little lamb",
    "ip_address": "3.3.3.97",
    "categories": [ "app" ]
  }
  • Response 200 (application/json)
    • Headers
Location: /ip/trusted
  • Body
{
  "pk": "7nLzJYxR5Z",
  "name": "Bar foo",
  "description": "Lorem ipsum had a little lamb",
  "ip_address": "3.3.3.97",
  "location": "United States Fairfield",
  "type": "trusted",
  "categories": [ "app" ],
  "updated_on": "2016-06-20T13:05:23.034264+00:00",
  "created_on": "2016-06-20T13:05:23.034264+00:00"
}

Import CSV

[POST /ip/trusted{?file}]
Use a "multipart/form-data" request to upload and import a CSV file. + Parameters + file (string, optional) - Uploaded file

  • Request (multipart/form-data)
Name,Description,Type,Ip
Brussel Office,Range IPs of Brussel Office,Remote office,192.168.7.5-192.168.7.10
Germany Office,Single IP of Germany Office,Remote office,192.168.15.68
Spain Office,Multiple IPs of Spain office,Remote office,"10.136.0.11,10.45.160.1,10.152.128.155"
Lucidchart,Dev tool,Remote App,198.168.1.65
  • Response 200 (application/json)

Update Entry

[PUT /ip/trusted/{id}]
Update name, ip address, categories, and short-description. + Parameters + id - ID of entry to update. + Request (application/json)

{
    "ip_address": "1.1.1.1",
    "name": "Foobar",
    "categories": ["office"],
    "description": "Still in question"
  }
  • Attributes (object)
    • ip_address - Change IP address.
  • name - Name of entry.
  • categories - Change categories.
  • description - Internal short description.
  • Response 200 (application/json)

Delete entries

[DELETE /ip/trusted{?ids}]
Remove custom organization defined trusted IPs from library. + Parameters + ids (comma-separated) - List of entry IDs to delete

  • Request (application/json)
  • Headers
Location: /ip/trusted/?ids=7nLzJYxR5Z,6yj3gQxaqo
  • Response 200 (application/json)

Updated about a year ago

IP Libraries Endpoint


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.