Netscout Arbor Edge Defense
This Integration is part of the Netscout Arbor Edge Defense - AED Pack.#
Supported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
The Netscout Arbor Edge Defense (AED) integration enables you to block and allow outbound and inbound traffic.
What does this pack do?#
Using the Netscout AED integration you can:
- Get, add, and remove hosts, countries, domains, and URLs from the inbound block list.
- Get, add, and remove hosts from the inbound allow list.
- Get, add, and remove hosts and countries from the outbound blaock list.
- Get, add, and remove hosts from the outbound all.
- Get and update the protection group (the IPv4 or IPv6 hosts that you need to protect).
Configure NetscoutAED in Cortex#
| Parameter | Required |
|---|---|
| Server URL | True |
| API Token | If using 6.0.2 or lower version, put your API Key in the Password field, leave the User field empty. |
| Trust any certificate (not secure) | False |
| Use system proxy settings | False |
Commands#
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
na-ed-outbound-blacklisted-countries-list#
Gets the countries on the outbound block list. By default, 10 block listed countries are returned.
Base Command#
na-ed-country-code-list#
Gets a country or list of countries (country name and ISO-standardized country code).
Base Command#
na-ed-country-code-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| query | Search strings, separated by โ+โ to filter the results. (For example: "AZ+BS"). | Optional |
| page | The page of the results to return. | Optional |
| limit | The maximum number of results returned per page. Default: 10. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.Country.country_name | String | The country's name. |
| NetscoutAED.Country.iso_code | String | The ISO-standardized country code. |
Command Example#
!na-ed-country-code-list limit=5
Context Example#
Human Readable Output#
Netscout AED Countries List#
Country Name Iso Code 6to4 Relay Anycast XF Afghanistan AF Aland Islands AX Albania AL Algeria DZ
na-ed-outbound-blacklisted-countries-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| country | An ISO-standardized country code to get a specific country in the results. Can be retrieved by running the "na-ed-country-code-list" command. | Optional |
| query | Search strings, separated by โ+โ to filter the results. (For example: "AZ+BS"). | Optional |
| page | The page of the results to return. | Optional |
| limit | The maximum number of results returned per page. Default: 10. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.OutboundBlacklistCountry.annotation | String | A message associated with each country in the outbound block list. |
| NetscoutAED.OutboundBlacklistCountry.country | String | An ISO-standardized country code. |
| NetscoutAED.OutboundBlacklistCountry.update_time | Date | The time that the country code was added to the list. |
Command Example#
!na-ed-outbound-blacklisted-countries-list
Context Example#
Human Readable Output#
Blacklisted Countries#
Country Update Time Annotation AZ 2021-04-13T13:06:43.000Z example1 IS 2021-04-19T15:28:13.000Z example2
na-ed-outbound-blacklisted-countries-add#
Adds one or more countries to the outbound block list.
Base Command#
na-ed-outbound-blacklisted-countries-add
Input#
| Argument Name | Description | Required |
|---|---|---|
| country | An ISO-standardized country code or a comma-separated list of country codes. Can be retrieved by running the "na-ed-country-code-list" command. | Required |
| annotation | A message to associate with each country that you add to the outbound block list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.OutboundBlacklistCountry.annotation | String | A message associated with each country in the outbound block list. |
| NetscoutAED.OutboundBlacklistCountry.country | String | An ISO-standardized country code. |
| NetscoutAED.OutboundBlacklistCountry.update_time | Date | The time that the country code was added to the list. |
Command Example#
!na-ed-outbound-blacklisted-countries-add country=AU
Context Example#
Human Readable Output#
Countries were successfully added to the outbound block listed list
Added Countries#
Country Update Time AU 2021-05-24T08:58:03.000Z
na-ed-outbound-blacklisted-countries-remove#
Removes one or more countries from the outbound block list.
Base Command#
na-ed-outbound-blacklisted-countries-remove
Input#
| Argument Name | Description | Required |
|---|---|---|
| country | An ISO-standardized country code or a comma-separated list of ISO-standardized country codes to remove. Can be retrieved by running the "na-ed-country-code-list" command. | Required |
Context Output#
There is no context output for this command.
Command Example#
!na-ed-outbound-blacklisted-countries-remove country=AU
Human Readable Output#
Countries were successfully removed from the outbound block listed list
na-ed-inbound-blacklisted-countries-list#
Gets the inbound block listed countries. By default, 10 block listed countries are returned. To return block listed countries for specific protection groups, specify a list of protection group IDs or central configuration IDs. An ID of -1 selects countries that are globally block listed.
Base Command#
na-ed-inbound-blacklisted-countries-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| cid | A comma-separated list of central configuration IDs. Cannot be used with the pgid parameter. | Optional |
| pgid | A comma-separated list of protection group IDs. Cannot be used with the cid parameter. | Optional |
| country | An ISO-standardized country code to get a specific country in the results. Can be retrieved by running the "na-ed-country-code-list" command. | Optional |
| query | Search strings, separated by โ+โ to filter the results. (For example: "AZ+BS"). | Optional |
| page | The page of the results to return. | Optional |
| limit | The maximum number of results returned per page. Default: 10. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.InboundBlacklistCountry.annotation | Unknown | List of messages associated with each country in the inbound block list. |
| NetscoutAED.InboundBlacklistCountry.cid | Unknown | List of central configuration IDs. |
| NetscoutAED.InboundBlacklistCountry.country | String | An ISO-standardized country code. |
| NetscoutAED.InboundBlacklistCountry.pgid | Unknown | List of protection group ID. |
| NetscoutAED.InboundBlacklistCountry.update_time | Date | The time that the country code was added to the list. |
Command Example#
!na-ed-inbound-blacklisted-countries-list country=AM
Context Example#
Human Readable Output#
Blacklisted Countries#
Country Update Time Annotation Pgid AM 2021-04-19T15:36:00.000Z example1 52
na-ed-inbound-blacklisted-countries-add#
Adds one or more countries to the inbound block list by pgid or cid.
Base Command#
na-ed-inbound-blacklisted-countries-add
Input#
| Argument Name | Description | Required |
|---|---|---|
| cid | A specific central configuration ID or -1 for global. Cannot be used with the pgid parameter. | Optional |
| pgid | A specific protection group ID or -1 for global. Cannot be used with the cid parameter. | Optional |
| annotation | A message to associate with each country that you add to the block list. | Optional |
| country | ISO-standardized country code or a comma-separated list of country codes. Can be retrieved by running the "na-ed-country-code-list" command. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.InboundBlacklistCountry.annotation | Unknown | List of messages associated with each country in the outbound block list. |
| NetscoutAED.InboundBlacklistCountry.cid | Unknown | List of central configuration IDs. |
| NetscoutAED.InboundBlacklistCountry.country | String | An ISO-standardized country code. |
| NetscoutAED.InboundBlacklistCountry.pgid | Unknown | List of protection group ID. |
| NetscoutAED.InboundBlacklistCountry.update_time | Date | The time that the country code was added to the list. |
Command Example#
!na-ed-inbound-blacklisted-countries-add country=AU
Context Example#
Human Readable Output#
Countries were successfully added to the inbound block listed list
Added Countries#
Country Cid Pgid Update Time AU -1 -1 2021-05-24T08:57:58.000Z
na-ed-inbound-blacklisted-countries-remove#
Removes one or more countries from the block list for a specific protection group or for all protection groups.
Base Command#
na-ed-inbound-blacklisted-countries-remove
Input#
| Argument Name | Description | Required |
|---|---|---|
| cid | A specific central configuration ID or -1 for global. Cannot be used with the pgid parameter. | Optional |
| pgid | A specific protection group ID or -1 for global. Cannot be used with the cid parameter. | Optional |
| country | ISO-standardized country code or a comma-separated list of country codes. Can be retrieved by running the "na-ed-country-code-list" command. | Required |
Context Output#
There is no context output for this command.
Command Example#
!na-ed-inbound-blacklisted-countries-remove country=AU
Human Readable Output#
Countries were successfully removed from the inbound block listed list
na-ed-outbound-blacklisted-hosts-list#
Gets the outbound block listed hosts. By default, 10 block listed hosts are returned.
Base Command#
na-ed-outbound-blacklisted-hosts-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | Comma-separated list of IPv4 host addresses or CIDRs. | Optional |
| query | Search strings, separated by โ+โ to filter the results. (example: "AZ+BS"). | Optional |
| page | The page of the results to return. | Optional |
| limit | The maximum number of results to retrieve. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.OutboundBlacklistHost.annotation | String | A description of the host. |
| NetscoutAED.OutboundBlacklistHost.host_address | String | IPv4 host address or CIDRs. |
| NetscoutAED.OutboundBlacklistHost.update_time | Date | The time the host was last updated/set. |
Command Example#
!na-ed-outbound-blacklisted-hosts-list
Context Example#
Human Readable Output#
Blacklisted Hosts#
Host Address Update Time 1.1.1.1 2021-05-24T08:58:07.000Z 2.2.2.2 2021-05-24T08:58:07.000Z
na-ed-outbound-blacklisted-hosts-add#
Adds one or more hosts to the outbound block list.
Base Command#
na-ed-outbound-blacklisted-hosts-add
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | A single IPv4 host address or CIDR or a comma-separated list of IPv4 host addresses or CIDRs. | Required |
| annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.OutboundBlacklistHost.annotation | String | A description of the host. |
| NetscoutAED.OutboundBlacklistHost.host_address | String | IPv4 host address or CIDRs. |
| NetscoutAED.OutboundBlacklistHost.update_time | Date | The time the host was last updated/set |
Command Example#
!na-ed-outbound-blacklisted-hosts-add host_address=1.2.3.4
Context Example#
Human Readable Output#
Hosts were successfully added to the outbound block list list
New Hosts#
Host Address Update Time 1.2.3.4 2021-05-24T08:58:07.000Z
na-ed-outbound-blacklisted-hosts-replace#
Replaces all the hosts on the outbound block listed list.
Base Command#
na-ed-outbound-blacklisted-hosts-replace
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | A single IPv4 host address or CIDR or a comma-separated list of IPv4 host addresses or CIDRs. | Required |
| annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.OutboundBlacklistHost.annotation | String | A description of the host. |
| NetscoutAED.OutboundBlacklistHost.host_address | String | IPv4 host address or CIDRs. |
| NetscoutAED.OutboundBlacklistHost.update_time | Date | The time the host was last updated/set. |
Command Example#
!na-ed-outbound-blacklisted-hosts-replace host_address=5.2.3.4
Context Example#
Human Readable Output#
Hosts were successfully replaced in the outbound block list list
New Hosts#
Host Address Update Time 5.2.3.4 2021-05-24T08:58:08.000Z
na-ed-outbound-blacklisted-hosts-remove#
Removes one or more hosts or CIDRS from the outbound block list.
Base Command#
na-ed-outbound-blacklisted-hosts-remove
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | A single IPv4 host address or CIDR to remove, or a comma-separated list of IPv4 host addresses or CIDRs to remove. | Required |
Context Output#
There is no context output for this command.
Command Example#
!na-ed-outbound-blacklisted-hosts-remove host_address=5.2.3.4
Human Readable Output#
Hosts were successfully removed from the outbound block list list
na-ed-outbound-whitelisted-hosts-list#
Gets the outbound allow listed hosts. By default, 10 hosts on allow list are returned.
Base Command#
na-ed-outbound-whitelisted-hosts-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | Comma-separated list of IPv4 host addresses or CIDRs. | Optional |
| query | Search strings, separated by โ+โ to filter the results. (example: "AZ+BS"). | Optional |
| page | The page of the results to return. | Optional |
| limit | Maximal number of results to retrieve. Also sets the size of the returned page. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.OutboundWhitelistHost.annotation | String | A description of the host. |
| NetscoutAED.OutboundWhitelistHost.host_address | String | IPv4 host address or CIDRs. |
| NetscoutAED.OutboundWhitelistHost.update_time | Date | The time the host was last updated/set. |
Command Example#
!na-ed-outbound-whitelisted-hosts-list
Context Example#
Human Readable Output#
Whitelisted Hosts#
Host Address Update Time 4.4.4.4 2021-05-24T08:53:20.000Z
na-ed-outbound-whitelisted-hosts-add#
Adds one or more hosts to the outbound allow listed list.
Base Command#
na-ed-outbound-whitelisted-hosts-add
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | A single IPv4 host address or CIDR or a comma-separated list of IPv4 host addresses or CIDRs to add. | Required |
| annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.OutboundWhitelistHost.annotation | String | A description of the host. |
| NetscoutAED.OutboundWhitelistHost.host_address | String | IPv4 host address or CIDRs. |
| NetscoutAED.OutboundWhitelistHost.update_time | Date | The time the host was last updated/set. |
Command Example#
!na-ed-outbound-whitelisted-hosts-add host_address=3.3.3.3
Context Example#
Human Readable Output#
Hosts were successfully added to the outbound allow list list
New Hosts#
Host Address Update Time 3.3.3.3 2021-05-24T08:58:19.000Z
na-ed-outbound-whitelisted-hosts-replace#
Replaces all the hosts on the outbound allow listed list.
Base Command#
na-ed-outbound-whitelisted-hosts-replace
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | A single IPv4 host address or CIDR or a comma-separated list of IPv4 host addresses or CIDRs to update. | Required |
| annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.OutboundWhitelistHost.annotation | String | A description of the host. |
| NetscoutAED.OutboundWhitelistHost.host_address | String | IPv4 host address or CIDRs. |
| NetscoutAED.OutboundWhitelistHost.update_time | Date | The time the host was last updated/set. |
Command Example#
!na-ed-outbound-whitelisted-hosts-replace host_address=3.3.3.3,4.4.4.4
Context Example#
Human Readable Output#
Hosts were successfully replaced in the outbound allow list list
New Hosts#
Host Address Update Time 3.3.3.3 2021-05-24T08:58:21.000Z 4.4.4.4 2021-05-24T08:58:21.000Z
na-ed-protection-groups-update#
Updates the settings for one or more protection groups.
Base Command#
na-ed-protection-groups-update
Input#
| Argument Name | Description | Required |
|---|---|---|
| pgid | List of protection group IDs. | Required |
| active | Set the protection group mode to active (true) or inactive (false). Default: true. Possible values are: true, false. | Optional |
| protection_level | The protection level (None = use the global protection level, low, medium, high). Default: low. Possible values are: None, low, medium, high. | Optional |
| profiling | Turn traffic profiling on (true) or off (false) for one or more of the protection groups. Possible values are: true, false. | Optional |
| profiling_duration | Required when profiling is set to true. Specify the number of days, from 1 to 14, over which profiling will run. Possible values are: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.ProtectionGroup.active | Boolean | True if the protection group mode is active, false if inactive. |
| NetscoutAED.ProtectionGroup.bps_dropped | Number | Number of dropped bps. |
| NetscoutAED.ProtectionGroup.bps_passed | Number | Number of passed bps. |
| NetscoutAED.ProtectionGroup.bytes_dropped | Number | Number of dropped bytes. |
| NetscoutAED.ProtectionGroup.bytes_passed | Unknown | Number of passed bytes. |
| NetscoutAED.ProtectionGroup.description | String | Description of the protection group. |
| NetscoutAED.ProtectionGroup.name | String | Protection group name. |
| NetscoutAED.ProtectionGroup.packets_dropped | Number | Number of dropped packets. |
| NetscoutAED.ProtectionGroup.packets_passed | Number | Number of passed packets. |
| NetscoutAED.ProtectionGroup.pgid | Number | Protection group identifier. |
| NetscoutAED.ProtectionGroup.pps_passed | Number | Number of passed pps. |
| NetscoutAED.ProtectionGroup.pps_dropped | Number | Number of dropped pps. |
| NetscoutAED.ProtectionGroup.prefixes | Unknown | List of โ,โ delimited prefixes belonging to the protection group. |
| NetscoutAED.ProtectionGroup.profiling | Boolean | A traffic profile capture for a protection groupโs rate-based protection settings is running (true) or not (false). |
| NetscoutAED.ProtectionGroup.profiling_duration | Number | The duration, in days, of an active traffic profile capture. A 0 indicates that profiling is not active. |
| NetscoutAED.ProtectionGroup.profiling_start | Date | A UNIX epoch timestamp that indicates when a traffic profile capture began. A 0 indicates that profiling was never started. |
| NetscoutAED.ProtectionGroup.protection_level | Unknown | The protection level (None = use the global protection level, low, medium, high). |
| NetscoutAED.ProtectionGroup.server_name | String | The protection groupโs server name. |
| NetscoutAED.ProtectionGroup.server_type | Number | The protection groupโs server type. |
| NetscoutAED.ProtectionGroup.time_created | Date | The time when the protection group was created. |
Command Example#
!na-ed-protection-groups-update pgid=52 active=false
Context Example#
Human Readable Output#
Successfully updated the protection group object with protection group id: 52
Protection Groups#
Name Pgid Protection Level Active Server Name Profiling Profiling Duration Time Created test2 52 global protection level false test2 false 0 2021-04-13T14:41:23.000Z
na-ed-protection-groups-list#
Gets a list of the protection groups.
Base Command#
na-ed-protection-groups-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| pgid | Protection group identifier. | Optional |
| name | Protection group name. | Optional |
| active | Whether the protection group is active or not. Possible values are: true, false. | Optional |
| query | Search strings, separated by โ+โ to filter the results. (For example: "AZ+BS"). | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.ProtectionGroup.active | Boolean | True if the protection group mode is active, false if inactive. |
| NetscoutAED.ProtectionGroup.bps_dropped | Number | Number of dropped bps. |
| NetscoutAED.ProtectionGroup.bps_passed | Number | Number of passed bps. |
| NetscoutAED.ProtectionGroup.bytes_dropped | Number | Number of dropped bytes. |
| NetscoutAED.ProtectionGroup.bytes_passed | Unknown | Number of passed bytes. |
| NetscoutAED.ProtectionGroup.description | String | Description of the protection group. |
| NetscoutAED.ProtectionGroup.name | String | Protection group name. |
| NetscoutAED.ProtectionGroup.packets_dropped | Number | Number of dropped packets. |
| NetscoutAED.ProtectionGroup.packets_passed | Number | Number of passed packets. |
| NetscoutAED.ProtectionGroup.pgid | Number | Protection group identifier. |
| NetscoutAED.ProtectionGroup.pps_passed | Number | Number of passed pps. |
| NetscoutAED.ProtectionGroup.pps_dropped | Number | Number of dropped pps. |
| NetscoutAED.ProtectionGroup.prefixes | Unknown | Comma-separated list of prefixes belonging to the protection group. |
| NetscoutAED.ProtectionGroup.profiling | Boolean | A traffic profile capture for a protection groupโs rate-based protection settings is running (true) or not (false). |
| NetscoutAED.ProtectionGroup.profiling_duration | Number | The duration, in days, of an active traffic profile capture. A 0 indicates that profiling is not active. |
| NetscoutAED.ProtectionGroup.profiling_start | Date | A UNIX epoch timestamp that indicates when a traffic profile capture began. A 0 indicats that profiling was never started. |
| NetscoutAED.ProtectionGroup.protection_level | Unknown | The protection level (None = use the global protection level, low, medium, high). |
| NetscoutAED.ProtectionGroup.server_name | String | The protection groupโs server name. |
| NetscoutAED.ProtectionGroup.server_type | Number | The protection groupโs server type. |
| NetscoutAED.ProtectionGroup.time_created | Date | The time when the protection group was created. |
| NetscoutAED.ProtectionGroup.cid | Number | Central configuration ID. |
Command Example#
!na-ed-protection-groups-list active=true
Context Example#
Human Readable Output#
Protection Groups#
Name Pgid Protection Level Active Server Name Profiling Profiling Duration Time Created test2 52 global protection level true test2 false 0 2021-04-13T14:41:23.000Z
na-ed-inbound-blacklisted-hosts-list#
Gets the inbound block listed hosts. By default, 10 block listed hosts are returned. To return block listed hosts for specific protection groups, specify a list of protection group IDs or central configuration IDs. An ID of -1 selects hosts that are globally block listed.
Base Command#
na-ed-inbound-blacklisted-hosts-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | List of โ,โ delimited IPv4 host addresses or CIDRs. | Optional |
| query | Search strings, separated by โ+โ to filter the results. (For example: "AZ+BS"). | Optional |
| page | The page of the results to return. | Optional |
| limit | The maximum number of results to retrieve. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.InboundBlacklistHost.annotation | Unknown | List of messages associated with each host in the inbound block list. |
| NetscoutAED.InboundBlacklistHost.cid | Unknown | List of central configuration IDs. |
| NetscoutAED.InboundBlacklistHost.host_address | String | IPv4 host addresses or CIDRs. |
| NetscoutAED.InboundBlacklistHost.pgid | Unknown | List of protection group ID. |
| NetscoutAED.InboundBlacklistHost.update_time | Date | The time that the host address was added to the list. |
Command Example#
!na-ed-inbound-blacklisted-hosts-list
Context Example#
Human Readable Output#
Blacklisted Hosts#
Host Address Pgid Cid Update Time Annotation 1.1.1.1 -1 -1 2021-05-24T08:58:13.000Z
na-ed-inbound-blacklisted-hosts-add#
Adds one or more hosts to the inbound block listed list.
Base Command#
na-ed-inbound-blacklisted-hosts-add
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | A single IPv4 or IPv6 host address or CIDR or a comma-separated list of host addresses or CIDRs. | Required |
| annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.InboundBlacklistHost.annotation | Unknown | List of messages associated with each host in the inbound block list. |
| NetscoutAED.InboundBlacklistHost.cid | Unknown | List of central configuration IDs |
| NetscoutAED.InboundBlacklistHost.host_address | String | IPv4 host addresses or CIDRs. |
| NetscoutAED.InboundBlacklistHost.pgid | Unknown | List of protection group ID. |
| NetscoutAED.InboundBlacklistHostupdate_time | Date | The time that the host address was added to the list. |
Command Example#
!na-ed-inbound-blacklisted-hosts-add host_address=1.2.3.4
Context Example#
Human Readable Output#
Hosts were successfully added to the inbound block list list
New Hosts#
Host Address Pgid Cid Update Time Annotation 1.2.3.4 -1 -1 2021-05-24T08:58:13.000Z
na-ed-inbound-blacklisted-hosts-replace#
Replaces all the hosts on the inbound block list.
Base Command#
na-ed-inbound-blacklisted-hosts-replace
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | A single IPv4 or IPv6 host address or CIDR or a comma-separated list of host addresses or CIDRs. | Required |
| annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.InboundBlacklistHost.annotation | Unknown | List of messages associated with each host in the inbound block list. |
| NetscoutAED.InboundBlacklistHost.cid | Unknown | List of central configuration IDs |
| NetscoutAED.InboundBlacklistHost.host_address | String | IPv4 host addresses or CIDRs. |
| NetscoutAED.InboundBlacklistHost.pgid | Unknown | List of protection group ID. |
| NetscoutAED.InboundBlacklistHost.update_time | Date | The time that the host address was added to the list. |
Command Example#
!na-ed-inbound-blacklisted-hosts-replace host_address=5.2.3.4
Context Example#
Human Readable Output#
Hosts were successfully replaced in the inbound block list list
New Hosts#
Host Address Pgid Cid Update Time Annotation 5.2.3.4 -1 -1 2021-05-24T08:58:15.000Z
na-ed-inbound-blacklisted-hosts-remove#
Removes one or more hosts or CIDRs from the block list for a specific protection group or for all protection groups.
Base Command#
na-ed-inbound-blacklisted-hosts-remove
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | A single IPv4 or IPv6 host address or CIDR, or a comma-separated list of host addresses or CIDRs. | Required |
Context Output#
There is no context output for this command.
Command Example#
!na-ed-inbound-blacklisted-hosts-remove host_address=5.2.3.4
Human Readable Output#
Hosts were successfully removed from the inbound block list list
na-ed-inbound-whitelisted-hosts-list#
Get the hosts on allow list. By default, 10 hosts on allow list are returned. To return hosts on allow list for specific protection groups, specify a list of protection group IDs or central configuration IDs. An ID of -1 selects hosts that are globally on allow list.
Base Command#
na-ed-inbound-whitelisted-hosts-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | Comma-separated list of IPv4 or IPv6 host addresses or CIDRs. | Optional |
| query | Search strings, separated by โ+โ to filter the results. (example: "AZ+BS"). | Optional |
| page | The page of the results to return. | Optional |
| limit | The maximum number of results to retrieve. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.InboundWhitelistHost.annotation | Unknown | List of messages associated with each host in the inbound allow listed list. |
| NetscoutAED.InboundWhitelistHost.cid | Unknown | List of central configuration IDs |
| NetscoutAED.InboundWhitelistHost.host_address | String | IPv4 host addresses or CIDRs. |
| NetscoutAED.InboundWhitelistHost.pgid | Unknown | List of protection group ID. |
| NetscoutAED.InboundWhitelistHost.update_time | Date | The time that the host address was added to the list. |
Command Example#
!na-ed-inbound-whitelisted-hosts-list
Human Readable Output#
Whitelisted Hosts#
Host Address Pgid Cid Update Time Annotation 2.2.2.2 -1 -1 2021-05-24T08:58:25.000Z
na-ed-inbound-whitelisted-hosts-add#
Adds one or more hosts to the inbound allow listed list.
Base Command#
na-ed-inbound-whitelisted-hosts-add
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | A single IPv4 or IPv6 host address or CIDR or a comma-separated list of host addresses or CIDRs to add. | Required |
| annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.InboundWhitelistHost.annotation | Unknown | List of messages associated with each host in the inbound allow listed list. |
| NetscoutAED.InboundWhitelistHost.cid | Unknown | List of central configuration IDs |
| NetscoutAED.InboundWhitelistHost.host_address | String | IPv4 host addresses or CIDRs. |
| NetscoutAED.InboundWhitelistHost.pgid | Unknown | List of protection group ID. |
| NetscoutAED.InboundWhitelistHost.update_time | Date | The time that the host address was added to the list. |
Command Example#
!na-ed-inbound-whitelisted-hosts-add host_address=1.2.3.4
Context Example#
Human Readable Output#
Hosts were successfully added to the inbound allow list list
New Hosts#
Host Address Pgid Cid Update Time Annotation 1.2.3.4 -1 -1 2021-05-24T08:58:25.000Z
na-ed-inbound-whitelisted-hosts-replace#
Replaces all the hosts on the inbound allow list.
Base Command#
na-ed-inbound-whitelisted-hosts-replace
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | A single IPv4 or IPv6 host address or CIDR or a comma-separated list of host addresses or CIDRs to update. | Required |
| annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.InboundWhitelistHost.annotation | Unknown | List of messages associated with each host in the inbound allow listed list. |
| NetscoutAED.InboundWhitelistHost.cid | Unknown | List of central configuration IDs |
| NetscoutAED.InboundWhitelistHost.host_address | String | IPv4 host addresses or CIDRs. |
| NetscoutAED.InboundWhitelistHost.pgid | Unknown | List of protection group ID. |
| NetscoutAED.InboundWhitelistHost.update_time | Date | The time that the host address was added to the list. |
Command Example#
!na-ed-inbound-whitelisted-hosts-replace host_address=5.2.3.4
Context Example#
Human Readable Output#
Hosts were successfully replaced in the inbound allow list list
New Hosts#
Host Address Pgid Cid Update Time Annotation 5.2.3.4 -1 -1 2021-05-24T08:58:26.000Z
na-ed-inbound-whitelisted-hosts-remove#
Removes one or more hosts or CIDRs from the allow list for a specific protection group or for all protection groups.
Base Command#
na-ed-inbound-whitelisted-hosts-remove
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | A single IPv4 or IPv6 host address or CIDR, or a comma-separated list of host addresses or CIDRs to remove. | Required |
Context Output#
There is no context output for this command.
Command Example#
!na-ed-inbound-whitelisted-hosts-remove host_address=5.2.3.4
Human Readable Output#
Hosts were successfully removed from the inbound whitelist list
na-ed-inbound-blacklisted-domains-list#
Gets the block listed domains. By default, 10 block listed domains are returned. To return block listed domains for specific protection groups, specify a list of protection group IDs or central configuration IDs. An ID of -1 selects domains that are globally block listed.
Base Command#
na-ed-inbound-blacklisted-domains-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| cid | Comma-separated list of central configuration IDs. Cannot be used with the pgid parameter. | Optional |
| pgid | Comma-separated list of protection group IDs. Cannot be used with the cid parameter. | Optional |
| domain | Comma-separated list of domains. | Optional |
| query | Search strings, separated by โ+โ to filter the results. (example: "AZ+BS"). | Optional |
| page | The page of the results to return. | Optional |
| limit | The maximum number of results to retrieve. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.InboundBlacklistDomain.annotation | Unknown | List of messages associated with each domain in the inbound block list. |
| NetscoutAED.InboundBlacklistDomain.cid | Unknown | List of central configuration IDs. |
| NetscoutAED.InboundBlacklistDomain.domain | String | Domain name. |
| NetscoutAED.InboundBlacklistDomain.pgid | Unknown | List of protection group ID. |
| NetscoutAED.InboundBlacklistDomain.update_time | Date | The time that the domain was added to the list. |
Command Example#
!na-ed-inbound-blacklisted-domains-list
Context Example#
Human Readable Output#
Blacklisted Domains#
Domain Pgid Cid Update Time Annotation sport.co.il -1 -1 2021-03-15T16:00:24.000Z try1 sport.com -1 -1 2021-03-18T17:25:26.000Z ynet.com -1 -1 2021-03-18T16:49:50.000Z
na-ed-inbound-blacklisted-domains-add#
Adds one or more domains to the block list by pgid or cid.
Base Command#
na-ed-inbound-blacklisted-domains-add
Input#
| Argument Name | Description | Required |
|---|---|---|
| cid | A specific central configuration ID or -1 for global. Cannot be used with the pgid parameter. | Optional |
| pgid | A specific protection group ID or -1 for global. Cannot be used with the cid parameter. | Optional |
| domain | Domain name or a comma-separated list of domain names. | Required |
| annotation | A message to associate with each domain that you add to the block list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.InboundBlacklistDomain.annotation | Unknown | List of messages associated with each domain in the inbound blaok list. |
| NetscoutAED.InboundBlacklistDomain.cid | Unknown | List of central configuration IDs. |
| NetscoutAED.InboundBlacklistDomain.domain | String | Domain name. |
| NetscoutAED.InboundBlacklistDomain.pgid | Unknown | List of protection group ID. |
| NetscoutAED.InboundBlacklistDomain.update_time | Unknown | The time that the domain was added to the list. |
Command Example#
!na-ed-inbound-blacklisted-domains-add domain=goo.com
Context Example#
Human Readable Output#
Domains were successfully added to the inbound block listed list
Added Domains#
Domain Pgid Cid Update Time goo.com -1 -1 2021-05-24T08:58:34.000Z
na-ed-inbound-blacklisted-domains-remove#
Removes one or more domains from the block list for a specific protection group or for all protection groups.
Base Command#
na-ed-inbound-blacklisted-domains-remove
Input#
| Argument Name | Description | Required |
|---|---|---|
| domain | Domain name or a comma-separated list of domain names. | Required |
Context Output#
There is no context output for this command.
Command Example#
!na-ed-inbound-blacklisted-domains-remove domain=goo.com
Human Readable Output#
Domains were successfully removed from the inbound block listed list
na-ed-inbound-blacklisted-urls-list#
Gets the block listed URLs. By default, 10 block listed URLs are returned. To return block listed URLs for specific protection groups, specify a list of protection group IDs or central configuration IDs. An ID of -1 selects URLs that are globally block listed.
Base Command#
na-ed-inbound-blacklisted-urls-list
Input#
| Argument Name | Description | Required |
|---|---|---|
| cid | Comma-separated list of central configuration IDs. Cannot be used with the pgid parameter. | Optional |
| pgid | Comma-separated list of protection group IDs. Cannot be used with the cid parameter. | Optional |
| url | Comma-separated list of URLs. | Optional |
| query | Search strings, separated by โ+โ to filter the results. (example: "AZ+BS"). | Optional |
| page | The page of the results to return. | Optional |
| limit | Maximum number of results to retrieve. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.InboundBlacklistUrl.annotation | Unknown | List of messages associated with each URL in the inbound block list. |
| NetscoutAED.InboundBlacklistUrl.cid | Unknown | List of central configuration ID.s |
| NetscoutAED.InboundBlacklistUrl.url | String | URL address. |
| NetscoutAED.InboundBlacklistUrl.pgid | Unknown | List of protection group ID. |
| NetscoutAED.InboundBlacklistUrl.update_time | Date | The time that the domain was added to the list. |
Command Example#
!na-ed-inbound-blacklisted-urls-list limit=3
Context Example#
Human Readable Output#
Blacklisted URLs#
Url Pgid Cid Update Time Annotation google.com -1 -1 2021-03-18T16:52:26.000Z maps.google.com -1 -1 2021-03-18T18:08:39.000Z Google Maps maps.google.com/sport.com -1 -1 2021-03-18T18:08:27.000Z Google Maps
na-ed-inbound-blacklisted-urls-add#
Adds one or more URLs to the block list by pgid or cid.
Base Command#
na-ed-inbound-blacklisted-urls-add
Input#
| Argument Name | Description | Required |
|---|---|---|
| cid | A specific central configuration ID or -1 for global. Cannot be used with the pgid parameter. | Optional |
| pgid | A specific protection group ID or -1 for global. Cannot be used with the cid parameter. | Optional |
| url | URL or a comma-separated list of URLs to add. | Required |
| annotation | A message to associate with each URL that you add to the block list. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| NetscoutAED.InboundBlacklistUrl.annotation | Unknown | List of messages associated with each url in the inbound block list. |
| NetscoutAED.InboundBlacklistUrl.cid | Unknown | List of central configuration IDs |
| NetscoutAED.InboundBlacklistUrl.url | String | URL address. |
| NetscoutAED.InboundBlacklistUrl.pgid | Unknown | List of protection group ID. |
| NetscoutAED.InboundBlacklistUrl.update_time | Date | The time that the domain was added to the list. |
Command Example#
!na-ed-inbound-blacklisted-urls-add url=www.goo.com
Context Example#
Human Readable Output#
Urls were successfully added to the inbound block listed list
Added Urls#
Url Pgid Cid Update Time www.goo.com -1 -1 2021-05-24T08:58:39.000Z
na-ed-inbound-blacklisted-urls-remove#
Removes one or more URLs from the block list for a specific protection group or for all protection groups.
Base Command#
na-ed-inbound-blacklisted-urls-remove
Input#
| Argument Name | Description | Required |
|---|---|---|
| url | URL or a comma-separated list of URLs. | Required |
Context Output#
There is no context output for this command.
Command Example#
!na-ed-inbound-blacklisted-urls-remove url=www.goo.com
Human Readable Output#
Urls were successfully removed from the inbound block listed list
na-ed-outbound-whitelisted-hosts-remove#
Removes one or more hosts or CIDRs from the outbound allow list.
Base Command#
na-ed-outbound-whitelisted-hosts-remove
Input#
| Argument Name | Description | Required |
|---|---|---|
| host_address | A single IPv4 host address or CIDR, or a comma-separated list of IPv4 host addresses or CIDRs to remove. | Required |
Context Output#
There is no context output for this command.
Command Example#
!na-ed-outbound-whitelisted-hosts-remove host_address=3.3.3.3
Human Readable Output#
Hosts were successfully removed from the outbound allow list list