IP Libraries Endpoint
The IP Libraries endpoint enables access to the Suspicious IP Collection and the Trusted IP Collection. These collections are stored in the Cisco Cloudlock application by an organization.
Suspicious IP Collection
Suspicious IP Collection [/ip/suspicious]
This describes Cloudlock's Suspicious IP library API features. This is an API enabling interaction with the contents of an organization's Suspicious IP Library stored in the Cisco Cloudlock application.
Fields
name | string | Library item name | "Dangerous IP" |
description | string | Library item description | "Suspicious location" |
ip_address | string | IP address in library | "172.255.255.0" |
location | string | item location | "1313 Blackbird Lane" |
type | string | item type | "suspicious" |
categories | string | item categories | "Locations, areas" |
updated_on | timestamp | last update, in UTC | "2016-06-20T13:05:23.034264+00:00" |
created_on | timestamp | creation date, in UTC | "2016-06-20T13:05:23.034264+00:00" |
expires_on | timestamp | time to expire item from library, in UTC | "2016-06-20T13:05:23.034264+00:00" |
List Entries
[GET /ip/suspicious{?q,name,offset,limit}]
Return an organizations suspicious IP feeds.
- Parameters
- q (string, optional) - Match string within any of: name, location, ip_address, categories
- name (string, optional) - Match a substring within entry name
- offset (number, optional) - Limit to specific offset index position.
- Default: 0
- limit (number, optional) - Limit to specific number of items.
- Default: 50
- Response 200 (application/json)
"limit": 20,
"offset": 0,
"total": 2,
"results": 2,
"items": [
{
"pk": "6yj3gQxaqo",
"type": "suspicious",
"name": "Bar foo",
"ip_address": "3.3.3.97",
"description": "TOR network exit point",
"categories": [ "TOR network", "Malicious" ],
"location": "United States Fairfield",
"updated_on": "2016-06-20T13:05:23.034264+00:00",
"created_on": "2016-06-20T13:05:23.034264+00:00",
"expires_on": "2017-01-02T15:52:24.677313+00:00"
},
{
"pk": "EW9zMXxNBY",
"name": "Bar Vaz",
"description": "desc",
"location": "United States",
"ip_address": "4.4.3.97",
"type": "suspicious",
"categories": [ "a", "b", "office" ],
"updated_on": "2016-06-20T16:51:00.548171+00:00",
"created_on": "2016-06-20T16:51:00.548171+00:00",
"expires_on": "2017-01-04T15:52:24.677313+00:00"
}
]
Create Entry
Create a new entry [POST]
Create a new suspicious custom IP in an organization's library.
{
"name": "Bar foo",
"description": "Lorem ipsum had a little lamb",
"ip_address": "3.3.3.97",
"categories": [ "foo", "bar" ],
"expires_on": "2017-01-02T15:52:24.677313+00:00"
}
- Response 200 (application/json)
- Headers
Location: /ip/suspicious
- Body
{
"pk": "6yj3gQxaqo",
"name": "Bar foo",
"description": "Lorem ipsum had a little lamb",
"ip_address": "69.89.31.226",
"location": "United States Fairfield",
"type": "suspicious",
"categories": [ "foo", "bar" ],
"updated_on": "2016-06-20T13:05:23.034264+00:00",
"created_on": "2016-06-20T13:05:23.034264+00:00",
"expires_on": "2017-01-02T15:52:24.677313+00:00"
}
Import CSV
[POST /ip/suspicious{?file}]
Use a "multipart/form-data" request to upload and import a CSV file.
Parameters + file (string, optional) - Uploaded file
- Request (multipart/form-data)
Type,Description,TTL,IP
Internal ELK,Jia Inc-20987,3/25/2096,192.168.1.15
Internal ELK,Jia Inc-20555,3/24/2096,192.168.7.5-192.168.7.10
SIEM,SF 00005958,,"10.136.0.11,10.45.160.1,10.152.128.155"
- Response 200 (application/json)
Update Entry
[PUT /ip/suspicious/{id}]
Update TTL expiration date, IP address, categories, and short-description. + Parameters + id - ID of entry to update. + Request (application/json)
{
"ip_address": "1.1.1.1",
"expires_on": "2019-01-02T15:52:24.677313+00:00",
"categories": [],
"description": "Still in question"
}
- Attributes (object)
- ip_address - Change IP address.
- expires_on - Datetime to expire the ip address.
- categories - Change categories.
- description - Internal short description.
- Response 200 (application/json)
Delete entries
[DELETE /ip/suspicious{?ids}]
Remove suspicious IP addresses from an organization's library.
- Parameters + ids (comma-separated) - List of entry IDs to delete
- Request (application/json)
- Headers
Location: /ip/suspicious/?ids=J83euASvnDF,6yj3gQxaqo
- Response 200 (application/json)
Trusted IP Collection
[/ip/trusted]
This describes Cloudlock's Trusted IP library API feature. This is a an API enabling interaction with the contents of an organization's Trusted IP Library stored in the Cisco Cloudlock application.
Fields
Field Name | Type | Description | Sample Values |
---|---|---|---|
name | string | Library item name | "Safe IP" |
description | string | Library item description | "trusted" |
ip_address | string | IP address in library | "172.255.255.0" |
location | string | item location | "Regional Office" |
type | string | item type | "trusted" |
categories | string | item categories | "offices, locations" |
updated_on | timestamp | last update, in UTC | "2016-06-20T13:05:23.034264+00:00" |
created_on | timestamp | creation date, in UTC | "2016-06-20T13:05:23.034264+00:00" |
List entries
[GET /ip/trusted{?q,name,offset,limit}]
Returns an organizations trusted IP feeds.
- Parameters
- q (string, optional) - Match string within any of: name, location, ip_address, categories
- name (string, optional) - Match a substring within entry name
- offset (number, optional) - Limit to specific offset index position.
- Default: 0
- limit (number, optional) - Limit to specific number of items.
- Default: 50
- Response 200 (application/json)
{
"limit": 20,
"offset": 0,
"total": 2,
"results": 2,
"items": [
{
"pk": "7nLzJYxR5Z",
"type": "trusted",
"name": "Bar foo",
"ip_address": "3.3.3.97",
"description": "US Office",
"categories": [ "office" ],
"location": "United States Fairfield",
"updated_on": "2016-06-20T13:05:23.034264+00:00",
"created_on": "2016-06-20T13:05:23.034264+00:00"
},
{
"pk": "EW9zMXxNBY",
"name": "Bar Vaz",
"description": "Bar",
"location": "United States",
"ip_address": "4.4.3.97",
"type": "trusted",
"categories": [ "app" ],
"updated_on": "2016-06-20T16:51:00.548171+00:00",
"created_on": "2016-06-20T16:51:00.548171+00:00"
}
]
Create Entry
Create a New Entry [POST]
Create a new trusted custom IP in an organization's library.
- Request (application/json)
{
"name": "Bar foo",
"description": "Lorem ipsum had a little lamb",
"ip_address": "3.3.3.97",
"categories": [ "app" ]
}
- Response 200 (application/json)
- Headers
Location: /ip/trusted
- Body
{
"pk": "7nLzJYxR5Z",
"name": "Bar foo",
"description": "Lorem ipsum had a little lamb",
"ip_address": "3.3.3.97",
"location": "United States Fairfield",
"type": "trusted",
"categories": [ "app" ],
"updated_on": "2016-06-20T13:05:23.034264+00:00",
"created_on": "2016-06-20T13:05:23.034264+00:00"
}
Import CSV
[POST /ip/trusted{?file}]
Use a "multipart/form-data" request to upload and import a CSV file. + Parameters + file (string, optional) - Uploaded file
- Request (multipart/form-data)
Name,Description,Type,Ip
Brussel Office,Range IPs of Brussel Office,Remote office,192.168.7.5-192.168.7.10
Germany Office,Single IP of Germany Office,Remote office,192.168.15.68
Spain Office,Multiple IPs of Spain office,Remote office,"10.136.0.11,10.45.160.1,10.152.128.155"
Lucidchart,Dev tool,Remote App,198.168.1.65
- Response 200 (application/json)
Update Entry
[PUT /ip/trusted/{id}]
Update name, ip address, categories, and short-description. + Parameters + id - ID of entry to update. + Request (application/json)
{
"ip_address": "1.1.1.1",
"name": "Foobar",
"categories": ["office"],
"description": "Still in question"
}
- Attributes (object)
- ip_address - Change IP address.
- name - Name of entry.
- categories - Change categories.
- description - Internal short description.
- Response 200 (application/json)
Delete entries
[DELETE /ip/trusted{?ids}]
Remove custom organization defined trusted IPs from library. + Parameters + ids (comma-separated) - List of entry IDs to delete
- Request (application/json)
- Headers
Location: /ip/trusted/?ids=7nLzJYxR5Z,6yj3gQxaqo
- Response 200 (application/json)
Updated over 4 years ago