
Netscout Arbor Edge Defense

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

The Netscout Arbor Edge Defense (AED) integration enables you to block and allow outbound and inbound traffic.

What does this pack do?#

Using the Netscout AED integration you can:

  • Get, add, and remove hosts, countries, domains, and URLs from the inbound blacklist.
  • Get, add, and remove hosts from the inbound whitelist.
  • Get, add, and remove hosts and countries from the outbound blacklist.
  • Get, add, and remove hosts from the outbound whitelist.
  • Get and update the protection group (the IPv4 or IPv6 hosts that you need to protect).

Configure NetscoutAED on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for NetscoutAED.

  3. Click Add instance to create and configure a new integration instance.

    Parameter | Required
    Server URL | True
    API Token: If using 6.0.2 or lower version, put your API Key in the Password field, leave the User field empty.
    Trust any certificate (not secure) | False
    Use system proxy settings | False
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

na-ed-country-code-list#


Gets a country or list of countries (country name and ISO-standardized country code).

Base Command#

na-ed-country-code-list

Input#

Argument Name | Description | Required
query | Search strings, separated by “+” to filter the results. (For example: "AZ+BS"). | Optional
page | The page of the results to return. | Optional
limit | The maximum number of results returned per page. Default: 10. | Optional

Context Output#

Path | Type | Description
NetscoutAED.Country.country_name | String | The country's name.
NetscoutAED.Country.iso_code | String | The ISO-standardized country code.

Command Example#

!na-ed-country-code-list limit=5

Context Example#

{
"NetscoutAED": {
"Country": [
{
"country_name": "6to4 Relay Anycast",
"iso_code": "XF"
},
{
"country_name": "Afghanistan",
"iso_code": "AF"
},
{
"country_name": "Aland Islands",
"iso_code": "AX"
},
{
"country_name": "Albania",
"iso_code": "AL"
},
{
"country_name": "Algeria",
"iso_code": "DZ"
}
]
}
}

Human Readable Output#

Netscout AED Countries List#

Country Name | Iso Code
6to4 Relay Anycast | XF
Afghanistan | AF
Aland Islands | AX
Albania | AL
Algeria | DZ

na-ed-outbound-blacklisted-countries-list#


Gets the countries on the outbound blacklist. By default, 10 blacklisted countries are returned.

Base Command#

na-ed-outbound-blacklisted-countries-list

Input#

Argument Name | Description | Required
country | An ISO-standardized country code to get a specific country in the results. Can be retrieved by running the "na-ed-country-code-list" command. | Optional
query | Search strings, separated by “+” to filter the results. (For example: "AZ+BS"). | Optional
page | The page of the results to return. | Optional
limit | The maximum number of results returned per page. Default: 10. | Optional

Context Output#

Path | Type | Description
NetscoutAED.OutboundBlacklistCountry.annotation | String | A message associated with each country in the outbound blacklist.
NetscoutAED.OutboundBlacklistCountry.country | String | An ISO-standardized country code.
NetscoutAED.OutboundBlacklistCountry.update_time | Date | The time that the country code was added to the list.

Command Example#

!na-ed-outbound-blacklisted-countries-list

Context Example#

{
"NetscoutAED": {
"OutboundBlacklistCountry": [
{
"annotation": "example1",
"country": "AZ",
"update_time": "2021-04-13T13:06:43.000Z"
},
{
"annotation": "example2",
"country": "IS",
"update_time": "2021-04-19T15:28:13.000Z"
}
]
}
}

Human Readable Output#

Blacklisted Countries#

Country | Update Time | Annotation
AZ | 2021-04-13T13:06:43.000Z | example1
IS | 2021-04-19T15:28:13.000Z | example2

na-ed-outbound-blacklisted-countries-add#


Adds one or more countries to the outbound blacklist.

Base Command#

na-ed-outbound-blacklisted-countries-add

Input#

Argument Name | Description | Required
country | An ISO-standardized country code or a comma-separated list of country codes. Can be retrieved by running the "na-ed-country-code-list" command. | Required
annotation | A message to associate with each country that you add to the outbound blacklist. | Optional

Context Output#

Path | Type | Description
NetscoutAED.OutboundBlacklistCountry.annotation | String | A message associated with each country in the outbound blacklist.
NetscoutAED.OutboundBlacklistCountry.country | String | An ISO-standardized country code.
NetscoutAED.OutboundBlacklistCountry.update_time | Date | The time that the country code was added to the list.

Command Example#

!na-ed-outbound-blacklisted-countries-add country=AU

Context Example#

{
"NetscoutAED": {
"OutboundBlacklistCountry": {
"annotation": null,
"country": "AU",
"update_time": "2021-05-24T08:58:03.000Z"
}
}
}

Human Readable Output#

Countries were successfully added to the outbound blacklisted list

Added Countries#

Country | Update Time
AU | 2021-05-24T08:58:03.000Z

na-ed-outbound-blacklisted-countries-remove#


Removes one or more countries from the outbound blacklist.

Base Command#

na-ed-outbound-blacklisted-countries-remove

Input#

Argument Name | Description | Required
country | An ISO-standardized country code or a comma-separated list of ISO-standardized country codes to remove. Can be retrieved by running the "na-ed-country-code-list" command. | Required

Context Output#

There is no context output for this command.

Command Example#

!na-ed-outbound-blacklisted-countries-remove country=AU

Human Readable Output#

Countries were successfully removed from the outbound blacklisted list

na-ed-inbound-blacklisted-countries-list#


Gets the inbound blacklisted countries. By default, 10 blacklisted countries are returned. To return blacklisted countries for specific protection groups, specify a list of protection group IDs or central configuration IDs. An ID of -1 selects countries that are globally blacklisted.

Base Command#

na-ed-inbound-blacklisted-countries-list

Input#

Argument Name | Description | Required
cid | A comma-separated list of central configuration IDs. Cannot be used with the pgid parameter. | Optional
pgid | A comma-separated list of protection group IDs. Cannot be used with the cid parameter. | Optional
country | An ISO-standardized country code to get a specific country in the results. Can be retrieved by running the "na-ed-country-code-list" command. | Optional
query | Search strings, separated by “+” to filter the results. (For example: "AZ+BS"). | Optional
page | The page of the results to return. | Optional
limit | The maximum number of results returned per page. Default: 10. | Optional

Context Output#

Path | Type | Description
NetscoutAED.InboundBlacklistCountry.annotation | Unknown | List of messages associated with each country in the inbound blacklist.
NetscoutAED.InboundBlacklistCountry.cid | Unknown | List of central configuration IDs.
NetscoutAED.InboundBlacklistCountry.country | String | An ISO-standardized country code.
NetscoutAED.InboundBlacklistCountry.pgid | Unknown | List of protection group IDs.
NetscoutAED.InboundBlacklistCountry.update_time | Date | The time that the country code was added to the list.

Command Example#

!na-ed-inbound-blacklisted-countries-list country=AM

Context Example#

{
"NetscoutAED": {
"InboundBlacklistCountry": {
"annotation": [
"example1"
],
"cid": [],
"country": "AM",
"pgid": [
52
],
"update_time": "2021-04-19T15:36:00.000Z"
}
}
}

Human Readable Output#

Blacklisted Countries#

Country | Update Time | Annotation | Pgid
AM | 2021-04-19T15:36:00.000Z | example1 | 52

na-ed-inbound-blacklisted-countries-add#


Adds one or more countries to the inbound blacklist by pgid or cid.

Base Command#

na-ed-inbound-blacklisted-countries-add

Input#

Argument Name | Description | Required
cid | A specific central configuration ID or -1 for global. Cannot be used with the pgid parameter. | Optional
pgid | A specific protection group ID or -1 for global. Cannot be used with the cid parameter. | Optional
annotation | A message to associate with each country that you add to the blacklist. | Optional
country | ISO-standardized country code or a comma-separated list of country codes. Can be retrieved by running the "na-ed-country-code-list" command. | Required

Context Output#

Path | Type | Description
NetscoutAED.InboundBlacklistCountry.annotation | Unknown | List of messages associated with each country in the inbound blacklist.
NetscoutAED.InboundBlacklistCountry.cid | Unknown | List of central configuration IDs.
NetscoutAED.InboundBlacklistCountry.country | String | An ISO-standardized country code.
NetscoutAED.InboundBlacklistCountry.pgid | Unknown | List of protection group IDs.
NetscoutAED.InboundBlacklistCountry.update_time | Date | The time that the country code was added to the list.

Command Example#

!na-ed-inbound-blacklisted-countries-add country=AU

Context Example#

{
"NetscoutAED": {
"InboundBlacklistCountry": {
"annotation": [],
"cid": [
-1
],
"country": "AU",
"pgid": [
-1
],
"update_time": "2021-05-24T08:57:58.000Z"
}
}
}

Human Readable Output#

Countries were successfully added to the inbound blacklisted list

Added Countries#

Country | Cid | Pgid | Update Time
AU | -1 | -1 | 2021-05-24T08:57:58.000Z

na-ed-inbound-blacklisted-countries-remove#


Removes one or more countries from the blacklist for a specific protection group or for all protection groups.

Base Command#

na-ed-inbound-blacklisted-countries-remove

Input#

Argument Name | Description | Required
cid | A specific central configuration ID or -1 for global. Cannot be used with the pgid parameter. | Optional
pgid | A specific protection group ID or -1 for global. Cannot be used with the cid parameter. | Optional
country | ISO-standardized country code or a comma-separated list of country codes. Can be retrieved by running the "na-ed-country-code-list" command. | Required

Context Output#

There is no context output for this command.

Command Example#

!na-ed-inbound-blacklisted-countries-remove country=AU

Human Readable Output#

Countries were successfully removed from the inbound blacklisted list

na-ed-outbound-blacklisted-hosts-list#


Gets the outbound blacklisted hosts. By default, 10 blacklisted hosts are returned.

Base Command#

na-ed-outbound-blacklisted-hosts-list

Input#

Argument Name | Description | Required
host_address | Comma-separated list of IPv4 host addresses or CIDRs. | Optional
query | Search strings, separated by “+” to filter the results. (example: "AZ+BS"). | Optional
page | The page of the results to return. | Optional
limit | The maximum number of results to retrieve. | Optional

Context Output#

Path | Type | Description
NetscoutAED.OutboundBlacklistHost.annotation | String | A description of the host.
NetscoutAED.OutboundBlacklistHost.host_address | String | IPv4 host address or CIDRs.
NetscoutAED.OutboundBlacklistHost.update_time | Date | The time the host was last updated/set.

Command Example#

!na-ed-outbound-blacklisted-hosts-list

Context Example#

{
"NetscoutAED": {
"OutboundBlacklistHost": [
{
"annotation": "",
"host_address": "1.1.1.1",
"update_time": "2021-05-24T08:58:07.000Z"
},
{
"annotation": "",
"host_address": "2.2.2.2",
"update_time": "2021-05-24T08:58:07.000Z"
}
]
}
}

Human Readable Output#

Blacklisted Hosts#

Host Address | Update Time
1.1.1.1 | 2021-05-24T08:58:07.000Z
2.2.2.2 | 2021-05-24T08:58:07.000Z

na-ed-outbound-blacklisted-hosts-add#


Adds one or more hosts to the outbound blacklist.

Base Command#

na-ed-outbound-blacklisted-hosts-add

Input#

Argument Name | Description | Required
host_address | A single IPv4 host address or CIDR or a comma-separated list of IPv4 host addresses or CIDRs. | Required
annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional

Context Output#

Path | Type | Description
NetscoutAED.OutboundBlacklistHost.annotation | String | A description of the host.
NetscoutAED.OutboundBlacklistHost.host_address | String | IPv4 host address or CIDRs.
NetscoutAED.OutboundBlacklistHost.update_time | Date | The time the host was last updated/set.

Command Example#

!na-ed-outbound-blacklisted-hosts-add host_address=1.2.3.4

Context Example#

{
"NetscoutAED": {
"OutboundBlacklistHost": {
"annotation": "",
"host_address": "1.2.3.4",
"update_time": "2021-05-24T08:58:07.000Z"
}
}
}

Human Readable Output#

Hosts were successfully added to the outbound blacklist list

New Hosts#

Host Address | Update Time
1.2.3.4 | 2021-05-24T08:58:07.000Z

na-ed-outbound-blacklisted-hosts-replace#


Replaces all the hosts on the outbound blacklisted list.

Base Command#

na-ed-outbound-blacklisted-hosts-replace

Input#

Argument Name | Description | Required
host_address | A single IPv4 host address or CIDR or a comma-separated list of IPv4 host addresses or CIDRs. | Required
annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional

Context Output#

Path | Type | Description
NetscoutAED.OutboundBlacklistHost.annotation | String | A description of the host.
NetscoutAED.OutboundBlacklistHost.host_address | String | IPv4 host address or CIDRs.
NetscoutAED.OutboundBlacklistHost.update_time | Date | The time the host was last updated/set.

Command Example#

!na-ed-outbound-blacklisted-hosts-replace host_address=5.2.3.4

Context Example#

{
"NetscoutAED": {
"OutboundBlacklistHost": {
"annotation": "",
"host_address": "5.2.3.4",
"update_time": "2021-05-24T08:58:08.000Z"
}
}
}

Human Readable Output#

Hosts were successfully replaced in the outbound blacklist list

New Hosts#

Host Address | Update Time
5.2.3.4 | 2021-05-24T08:58:08.000Z

na-ed-outbound-blacklisted-hosts-remove#


Removes one or more hosts or CIDRs from the outbound blacklist.

Base Command#

na-ed-outbound-blacklisted-hosts-remove

Input#

Argument Name | Description | Required
host_address | A single IPv4 host address or CIDR to remove, or a comma-separated list of IPv4 host addresses or CIDRs to remove. | Required

Context Output#

There is no context output for this command.

Command Example#

!na-ed-outbound-blacklisted-hosts-remove host_address=5.2.3.4

Human Readable Output#

Hosts were successfully removed from the outbound blacklist list

na-ed-outbound-whitelisted-hosts-list#


Gets the outbound whitelisted hosts. By default, 10 whitelisted hosts are returned.

Base Command#

na-ed-outbound-whitelisted-hosts-list

Input#

Argument Name | Description | Required
host_address | Comma-separated list of IPv4 host addresses or CIDRs. | Optional
query | Search strings, separated by “+” to filter the results. (example: "AZ+BS"). | Optional
page | The page of the results to return. | Optional
limit | The maximum number of results to retrieve. Also sets the size of the returned page. | Optional

Context Output#

Path | Type | Description
NetscoutAED.OutboundWhitelistHost.annotation | String | A description of the host.
NetscoutAED.OutboundWhitelistHost.host_address | String | IPv4 host address or CIDRs.
NetscoutAED.OutboundWhitelistHost.update_time | Date | The time the host was last updated/set.

Command Example#

!na-ed-outbound-whitelisted-hosts-list

Context Example#

{
"NetscoutAED": {
"OutboundWhitelistHost": {
"annotation": "",
"host_address": "4.4.4.4",
"update_time": "2021-05-24T08:53:20.000Z"
}
}
}

Human Readable Output#

Whitelisted Hosts#

Host Address | Update Time
4.4.4.4 | 2021-05-24T08:53:20.000Z

na-ed-outbound-whitelisted-hosts-add#


Adds one or more hosts to the outbound whitelisted list.

Base Command#

na-ed-outbound-whitelisted-hosts-add

Input#

Argument Name | Description | Required
host_address | A single IPv4 host address or CIDR or a comma-separated list of IPv4 host addresses or CIDRs to add. | Required
annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional

Context Output#

Path | Type | Description
NetscoutAED.OutboundWhitelistHost.annotation | String | A description of the host.
NetscoutAED.OutboundWhitelistHost.host_address | String | IPv4 host address or CIDRs.
NetscoutAED.OutboundWhitelistHost.update_time | Date | The time the host was last updated/set.

Command Example#

!na-ed-outbound-whitelisted-hosts-add host_address=3.3.3.3

Context Example#

{
"NetscoutAED": {
"OutboundWhitelistHost": {
"annotation": "",
"host_address": "3.3.3.3",
"update_time": "2021-05-24T08:58:19.000Z"
}
}
}

Human Readable Output#

Hosts were successfully added to the outbound whitelist list

New Hosts#

Host Address | Update Time
3.3.3.3 | 2021-05-24T08:58:19.000Z

na-ed-outbound-whitelisted-hosts-replace#


Replaces all the hosts on the outbound whitelisted list.

Base Command#

na-ed-outbound-whitelisted-hosts-replace

Input#

Argument Name | Description | Required
host_address | A single IPv4 host address or CIDR or a comma-separated list of IPv4 host addresses or CIDRs to update. | Required
annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional

Context Output#

Path | Type | Description
NetscoutAED.OutboundWhitelistHost.annotation | String | A description of the host.
NetscoutAED.OutboundWhitelistHost.host_address | String | IPv4 host address or CIDRs.
NetscoutAED.OutboundWhitelistHost.update_time | Date | The time the host was last updated/set.

Command Example#

!na-ed-outbound-whitelisted-hosts-replace host_address=3.3.3.3,4.4.4.4

Context Example#

{
"NetscoutAED": {
"OutboundWhitelistHost": [
{
"annotation": "",
"host_address": "3.3.3.3",
"update_time": "2021-05-24T08:58:21.000Z"
},
{
"annotation": "",
"host_address": "4.4.4.4",
"update_time": "2021-05-24T08:58:21.000Z"
}
]
}
}

Human Readable Output#

Hosts were successfully replaced in the outbound whitelist list

New Hosts#

Host Address | Update Time
3.3.3.3 | 2021-05-24T08:58:21.000Z
4.4.4.4 | 2021-05-24T08:58:21.000Z

na-ed-protection-groups-update#


Updates the settings for one or more protection groups.

Base Command#

na-ed-protection-groups-update

Input#

Argument Name | Description | Required
pgid | List of protection group IDs. | Required
active | Set the protection group mode to active (true) or inactive (false). Default: true. Possible values are: true, false. | Optional
protection_level | The protection level (None = use the global protection level, low, medium, high). Default: low. Possible values are: None, low, medium, high. | Optional
profiling | Turn traffic profiling on (true) or off (false) for one or more of the protection groups. Possible values are: true, false. | Optional
profiling_duration | Required when profiling is set to true. Specify the number of days, from 1 to 14, over which profiling will run. Possible values are: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14. | Optional

Context Output#

Path | Type | Description
NetscoutAED.ProtectionGroup.active | Boolean | True if the protection group mode is active, false if inactive.
NetscoutAED.ProtectionGroup.bps_dropped | Number | Number of dropped bps.
NetscoutAED.ProtectionGroup.bps_passed | Number | Number of passed bps.
NetscoutAED.ProtectionGroup.bytes_dropped | Number | Number of dropped bytes.
NetscoutAED.ProtectionGroup.bytes_passed | Unknown | Number of passed bytes.
NetscoutAED.ProtectionGroup.description | String | Description of the protection group.
NetscoutAED.ProtectionGroup.name | String | Protection group name.
NetscoutAED.ProtectionGroup.packets_dropped | Number | Number of dropped packets.
NetscoutAED.ProtectionGroup.packets_passed | Number | Number of passed packets.
NetscoutAED.ProtectionGroup.pgid | Number | Protection group identifier.
NetscoutAED.ProtectionGroup.pps_passed | Number | Number of passed pps.
NetscoutAED.ProtectionGroup.pps_dropped | Number | Number of dropped pps.
NetscoutAED.ProtectionGroup.prefixes | Unknown | Comma-separated list of prefixes belonging to the protection group.
NetscoutAED.ProtectionGroup.profiling | Boolean | A traffic profile capture for a protection group’s rate-based protection settings is running (true) or not (false).
NetscoutAED.ProtectionGroup.profiling_duration | Number | The duration, in days, of an active traffic profile capture. A 0 indicates that profiling is not active.
NetscoutAED.ProtectionGroup.profiling_start | Date | A UNIX epoch timestamp that indicates when a traffic profile capture began. A 0 indicates that profiling was never started.
NetscoutAED.ProtectionGroup.protection_level | Unknown | The protection level (None = use the global protection level, low, medium, high).
NetscoutAED.ProtectionGroup.server_name | String | The protection group’s server name.
NetscoutAED.ProtectionGroup.server_type | Number | The protection group’s server type.
NetscoutAED.ProtectionGroup.time_created | Date | The time when the protection group was created.

Command Example#

!na-ed-protection-groups-update pgid=52 active=false

Context Example#

{
"NetscoutAED": {
"ProtectionGroup": {
"active": false,
"bps_dropped": 0,
"bps_passed": 0,
"bytes_dropped": 0,
"bytes_passed": 0,
"description": "",
"name": "test2",
"packets_dropped": 0,
"packets_passed": 0,
"pgid": 52,
"pps_dropped": 0,
"pps_passed": 0,
"prefixes": [
"1.1.1.1/32"
],
"profiling": false,
"profiling_duration": 0,
"profiling_start": 0,
"protection_level": "global protection level",
"server_name": "test2",
"server_type": 35,
"time_created": "2021-04-13T14:41:23.000Z"
}
}
}

Human Readable Output#

Successfully updated the protection group object with protection group id: 52

Protection Groups#

Name | Pgid | Protection Level | Active | Server Name | Profiling | Profiling Duration | Time Created
test2 | 52 | global protection level | false | test2 | false | 0 | 2021-04-13T14:41:23.000Z
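
The argument rules stated up to this point (cid and pgid cannot be combined, annotation is one description or one per host, the outbound lists take IPv4 only, profiling_duration is required with profiling=true and runs from 1 to 14 days) can be checked before a playbook calls the command. The Python below is an added example, not part of the pack; the function names are hypothetical, and accepting a CIDR with host bits set is an assumption.

```python
"""Pre-flight checks for Netscout AED command arguments (added example, not pack code)."""
import ipaddress

PROTECTION_LEVELS = ("None", "low", "medium", "high")  # values listed on this page


def split_csv(value):
    """Split a comma-separated argument into trimmed, non-empty items."""
    text = "" if value is None else str(value)
    return [item.strip() for item in text.split(",") if item.strip()]


def check_scope(args):
    """cid and pgid cannot be used together on the inbound country commands."""
    if split_csv(args.get("cid")) and split_csv(args.get("pgid")):
        return ["cid and pgid cannot be used together"]
    return []


def check_hosts(args, allow_ipv6):
    """Validate host_address and annotation for the *-hosts-add and *-hosts-replace commands.

    allow_ipv6=False matches the outbound lists, which this page documents as IPv4 only.
    """
    errors = []
    hosts = split_csv(args.get("host_address"))
    if not hosts:
        errors.append("host_address is required")
    for host in hosts:
        try:
            # strict=False tolerates host bits in a CIDR (assumption, see lead-in).
            network = ipaddress.ip_network(host, strict=False)
        except ValueError:
            errors.append(f"{host}: not an IP address or CIDR")
            continue
        if network.version == 6 and not allow_ipv6:
            errors.append(f"{host}: IPv6 is not accepted by this list")
    annotations = split_csv(args.get("annotation"))
    # One description for all hosts, or exactly one description per host.
    if len(annotations) > 1 and len(annotations) != len(hosts):
        errors.append("annotation: give one description, or one per host")
    return errors


def check_protection_group_update(args):
    """Validate the arguments of na-ed-protection-groups-update."""
    errors = []
    if not split_csv(args.get("pgid")):
        errors.append("pgid is required")
    level = args.get("protection_level")
    if level is not None and level not in PROTECTION_LEVELS:
        errors.append("protection_level must be one of: " + ", ".join(PROTECTION_LEVELS))
    profiling = str(args.get("profiling", "")).lower()
    duration = args.get("profiling_duration")
    if profiling == "true" and duration is None:
        errors.append("profiling_duration is required when profiling is true")
    if duration is not None:
        text = str(duration)
        if not text.isdecimal() or not 1 <= int(text) <= 14:
            errors.append("profiling_duration must be a whole number of days from 1 to 14")
    return errors
```
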

na-ed-protection-groups-list#


Gets a list of the protection groups.

Base Command#

na-ed-protection-groups-list

Input#

Argument Name | Description | Required
pgid | Protection group identifier. | Optional
name | Protection group name. | Optional
active | Whether the protection group is active or not. Possible values are: true, false. | Optional
query | Search strings, separated by “+” to filter the results. (For example: "AZ+BS"). | Optional

Context Output#

Path | Type | Description
NetscoutAED.ProtectionGroup.active | Boolean | True if the protection group mode is active, false if inactive.
NetscoutAED.ProtectionGroup.bps_dropped | Number | Number of dropped bps.
NetscoutAED.ProtectionGroup.bps_passed | Number | Number of passed bps.
NetscoutAED.ProtectionGroup.bytes_dropped | Number | Number of dropped bytes.
NetscoutAED.ProtectionGroup.bytes_passed | Unknown | Number of passed bytes.
NetscoutAED.ProtectionGroup.description | String | Description of the protection group.
NetscoutAED.ProtectionGroup.name | String | Protection group name.
NetscoutAED.ProtectionGroup.packets_dropped | Number | Number of dropped packets.
NetscoutAED.ProtectionGroup.packets_passed | Number | Number of passed packets.
NetscoutAED.ProtectionGroup.pgid | Number | Protection group identifier.
NetscoutAED.ProtectionGroup.pps_passed | Number | Number of passed pps.
NetscoutAED.ProtectionGroup.pps_dropped | Number | Number of dropped pps.
NetscoutAED.ProtectionGroup.prefixes | Unknown | Comma-separated list of prefixes belonging to the protection group.
NetscoutAED.ProtectionGroup.profiling | Boolean | A traffic profile capture for a protection group’s rate-based protection settings is running (true) or not (false).
NetscoutAED.ProtectionGroup.profiling_duration | Number | The duration, in days, of an active traffic profile capture. A 0 indicates that profiling is not active.
NetscoutAED.ProtectionGroup.profiling_start | Date | A UNIX epoch timestamp that indicates when a traffic profile capture began. A 0 indicates that profiling was never started.
NetscoutAED.ProtectionGroup.protection_level | Unknown | The protection level (None = use the global protection level, low, medium, high).
NetscoutAED.ProtectionGroup.server_name | String | The protection group’s server name.
NetscoutAED.ProtectionGroup.server_type | Number | The protection group’s server type.
NetscoutAED.ProtectionGroup.time_created | Date | The time when the protection group was created.
NetscoutAED.ProtectionGroup.cid | Number | Central configuration ID.

Command Example#

!na-ed-protection-groups-list active=true

Context Example#

{
"NetscoutAED": {
"ProtectionGroup": {
"active": false,
"bps_dropped": 0,
"bps_passed": 0,
"bytes_dropped": 0,
"bytes_passed": 0,
"description": "",
"name": "test2",
"packets_dropped": 0,
"packets_passed": 0,
"pgid": 52,
"pps_dropped": 0,
"pps_passed": 0,
"prefixes": [
"1.1.1.1/32"
],
"profiling": true,
"profiling_duration": 0,
"profiling_start": 0,
"protection_level": "global protection level",
"server_name": "test2",
"server_type": 35,
"time_created": "2021-04-13T14:41:23.000Z"
}
}
}

Human Readable Output#

Protection Groups#

Name | Pgid | Protection Level | Active | Server Name | Profiling | Profiling Duration | Time Created
test2 | 52 | global protection level | true | test2 | false | 0 | 2021-04-13T14:41:23.000Z

na-ed-inbound-blacklisted-hosts-list#


Gets the inbound blacklisted hosts. By default, 10 blacklisted hosts are returned. To return blacklisted hosts for specific protection groups, specify a list of protection group IDs or central configuration IDs. An ID of -1 selects hosts that are globally blacklisted.

Base Command#

na-ed-inbound-blacklisted-hosts-list

Input#

Argument Name | Description | Required
host_address | Comma-separated list of IPv4 host addresses or CIDRs. | Optional
query | Search strings, separated by “+” to filter the results. (For example: "AZ+BS"). | Optional
page | The page of the results to return. | Optional
limit | The maximum number of results to retrieve. | Optional

Context Output#

Path | Type | Description
NetscoutAED.InboundBlacklistHost.annotation | Unknown | List of messages associated with each host in the inbound blacklist.
NetscoutAED.InboundBlacklistHost.cid | Unknown | List of central configuration IDs.
NetscoutAED.InboundBlacklistHost.host_address | String | IPv4 host addresses or CIDRs.
NetscoutAED.InboundBlacklistHost.pgid | Unknown | List of protection group IDs.
NetscoutAED.InboundBlacklistHost.update_time | Date | The time that the host address was added to the list.

Command Example#

!na-ed-inbound-blacklisted-hosts-list

Context Example#

{
"NetscoutAED": {
"InboundBlacklistHost": {
"annotation": [
""
],
"cid": [
-1
],
"host_address": "1.1.1.1",
"pgid": [
-1
],
"update_time": "2021-05-24T08:58:13.000Z"
}
}
}

Human Readable Output#

Blacklisted Hosts#

Host Address | Pgid | Cid | Update Time | Annotation
1.1.1.1 | -1 | -1 | 2021-05-24T08:58:13.000Z |

na-ed-inbound-blacklisted-hosts-add#


Adds one or more hosts to the inbound blacklisted list.

Base Command#

na-ed-inbound-blacklisted-hosts-add

Input#

Argument Name | Description | Required
host_address | A single IPv4 or IPv6 host address or CIDR or a comma-separated list of host addresses or CIDRs. | Required
annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional

Context Output#

Path | Type | Description
NetscoutAED.InboundBlacklistHost.annotation | Unknown | List of messages associated with each host in the inbound blacklist.
NetscoutAED.InboundBlacklistHost.cid | Unknown | List of central configuration IDs.
NetscoutAED.InboundBlacklistHost.host_address | String | IPv4 host addresses or CIDRs.
NetscoutAED.InboundBlacklistHost.pgid | Unknown | List of protection group IDs.
NetscoutAED.InboundBlacklistHost.update_time | Date | The time that the host address was added to the list.

Command Example#

!na-ed-inbound-blacklisted-hosts-add host_address=1.2.3.4

Context Example#

{
"NetscoutAED": {
"InboundBlacklistHost": {
"annotation": [
""
],
"cid": [
-1
],
"host_address": "1.2.3.4",
"pgid": [
-1
],
"update_time": "2021-05-24T08:58:13.000Z"
}
}
}

Human Readable Output#

Hosts were successfully added to the inbound blacklist list

New Hosts#

Host Address | Pgid | Cid | Update Time | Annotation
1.2.3.4 | -1 | -1 | 2021-05-24T08:58:13.000Z |

na-ed-inbound-blacklisted-hosts-replace#


Replaces all the hosts on the inbound blacklist.

Base Command#

na-ed-inbound-blacklisted-hosts-replace

Input#

Argument Name | Description | Required
host_address | A single IPv4 or IPv6 host address or CIDR or a comma-separated list of host addresses or CIDRs. | Required
annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional

Context Output#

Path | Type | Description
NetscoutAED.InboundBlacklistHost.annotation | Unknown | List of messages associated with each host in the inbound blacklist.
NetscoutAED.InboundBlacklistHost.cid | Unknown | List of central configuration IDs.
NetscoutAED.InboundBlacklistHost.host_address | String | IPv4 host addresses or CIDRs.
NetscoutAED.InboundBlacklistHost.pgid | Unknown | List of protection group IDs.
NetscoutAED.InboundBlacklistHost.update_time | Date | The time that the host address was added to the list.

Command Example#

!na-ed-inbound-blacklisted-hosts-replace host_address=5.2.3.4

Context Example#

{
"NetscoutAED": {
"InboundBlacklistHost": {
"annotation": [
""
],
"cid": [
-1
],
"host_address": "5.2.3.4",
"pgid": [
-1
],
"update_time": "2021-05-24T08:58:15.000Z"
}
}
}

Human Readable Output#

Hosts were successfully replaced in the inbound blacklist list

New Hosts#

Host Address | Pgid | Cid | Update Time | Annotation
5.2.3.4 | -1 | -1 | 2021-05-24T08:58:15.000Z |
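
The replace commands overwrite the whole list, and the list commands return 10 entries by default, so it helps to diff the current list against the proposed hosts before running a replace. The Python below is an added example, not part of the pack: the function names are hypothetical and the sample contexts are constructed, modelled on the context examples above, which show a single result as an object and several results as an array.

```python
"""Preview what a *-hosts-replace command would change (added example, not pack code)."""
import ipaddress

# Constructed samples shaped like the context examples on this page.
OUTBOUND_LIST = {"NetscoutAED": {"OutboundBlacklistHost": [
    {"annotation": "", "host_address": "1.1.1.1", "update_time": "2021-05-24T08:58:07.000Z"},
    {"annotation": "", "host_address": "2.2.2.2", "update_time": "2021-05-24T08:58:07.000Z"},
]}}
INBOUND_SINGLE = {"NetscoutAED": {"InboundBlacklistHost": {
    "annotation": [""], "cid": [-1], "host_address": "1.1.1.1",
    "pgid": [-1], "update_time": "2021-05-24T08:58:13.000Z",
}}}


def context_entries(context, key):
    """Return NetscoutAED[key] as a list, whether it holds one object or an array."""
    value = (context.get("NetscoutAED") or {}).get(key)
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def canonical(host):
    """Canonical CIDR text, so '1.1.1.1' and '1.1.1.1/32' compare equal.

    Raises ValueError for anything that is not an IP address or CIDR.
    """
    return str(ipaddress.ip_network(host.strip(), strict=False))


def is_global(entry):
    """True when an inbound entry applies globally (an ID of -1 in pgid or cid)."""
    return -1 in (entry.get("pgid") or []) or -1 in (entry.get("cid") or [])


def preview_replace(context, key, new_hosts, limit=10):
    """Diff the listed hosts against the host_address value planned for a replace.

    limit is the limit used for the list command; when the listing is as long as
    the limit it may be one page of a longer list, and 'removed' is then incomplete.
    """
    entries = context_entries(context, key)
    current = {canonical(entry["host_address"]) for entry in entries}
    proposed = {canonical(host) for host in new_hosts.split(",") if host.strip()}
    return {
        "added": sorted(proposed - current),
        "removed": sorted(current - proposed),
        "kept": sorted(current & proposed),
        "possibly_truncated": len(entries) >= limit,
    }
```

When `possibly_truncated` is true, page through the list command (the page and limit arguments) before trusting the `removed` set.
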

na-ed-inbound-blacklisted-hosts-remove#


Removes one or more hosts or CIDRs from the blacklist for a specific protection group or for all protection groups.

Base Command#

na-ed-inbound-blacklisted-hosts-remove

Input#

Argument Name | Description | Required
host_address | A single IPv4 or IPv6 host address or CIDR, or a comma-separated list of host addresses or CIDRs. | Required

Context Output#

There is no context output for this command.

Command Example#

!na-ed-inbound-blacklisted-hosts-remove host_address=5.2.3.4

Human Readable Output#

Hosts were successfully removed from the inbound blacklist list

na-ed-inbound-whitelisted-hosts-list#


Gets the whitelisted hosts. By default, 10 whitelisted hosts are returned. To return whitelisted hosts for specific protection groups, specify a list of protection group IDs or central configuration IDs. An ID of -1 selects hosts that are globally whitelisted.

Base Command#

na-ed-inbound-whitelisted-hosts-list

Input#

Argument Name | Description | Required
host_address | Comma-separated list of IPv4 or IPv6 host addresses or CIDRs. | Optional
query | Search strings, separated by “+” to filter the results. (example: "AZ+BS"). | Optional
page | The page of the results to return. | Optional
limit | The maximum number of results to retrieve. | Optional

Context Output#

Path | Type | Description
NetscoutAED.InboundWhitelistHost.annotation | Unknown | List of messages associated with each host in the inbound whitelisted list.
NetscoutAED.InboundWhitelistHost.cid | Unknown | List of central configuration IDs.
NetscoutAED.InboundWhitelistHost.host_address | String | IPv4 host addresses or CIDRs.
NetscoutAED.InboundWhitelistHost.pgid | Unknown | List of protection group IDs.
NetscoutAED.InboundWhitelistHost.update_time | Date | The time that the host address was added to the list.

Command Example#

!na-ed-inbound-whitelisted-hosts-list

Context Example#

{
"NetscoutAED": {
"InboundWhitelistHost": {
"annotation": [
""
],
"cid": [
-1
],
"host_address": "2.2.2.2",
"pgid": [
-1
],
"update_time": "2021-05-24T08:58:25.000Z"
}
}
}

Human Readable Output#

Whitelisted Hosts#

Host Address | Pgid | Cid | Update Time | Annotation
2.2.2.2 | -1 | -1 | 2021-05-24T08:58:25.000Z |

na-ed-inbound-whitelisted-hosts-add#


Adds one or more hosts to the inbound whitelisted list.

Base Command#

na-ed-inbound-whitelisted-hosts-add

Input#

Argument Name | Description | Required
host_address | A single IPv4 or IPv6 host address or CIDR or a comma-separated list of host addresses or CIDRs to add. | Required
annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional

Context Output#

Path | Type | Description
NetscoutAED.InboundWhitelistHost.annotation | Unknown | List of messages associated with each host in the inbound whitelisted list.
NetscoutAED.InboundWhitelistHost.cid | Unknown | List of central configuration IDs.
NetscoutAED.InboundWhitelistHost.host_address | String | IPv4 host addresses or CIDRs.
NetscoutAED.InboundWhitelistHost.pgid | Unknown | List of protection group IDs.
NetscoutAED.InboundWhitelistHost.update_time | Date | The time that the host address was added to the list.

Command Example#

!na-ed-inbound-whitelisted-hosts-add host_address=1.2.3.4

Context Example#

{
    "NetscoutAED": {
        "InboundWhitelistHost": {
            "annotation": [
                ""
            ],
            "cid": [
                -1
            ],
            "host_address": "1.2.3.4",
            "pgid": [
                -1
            ],
            "update_time": "2021-05-24T08:58:25.000Z"
        }
    }
}

Human Readable Output#

Hosts were successfully added to the inbound whitelist list

New Hosts#

| Host Address | Pgid | Cid | Update Time | Annotation |
| --- | --- | --- | --- | --- |
| 1.2.3.4 | -1 | -1 | 2021-05-24T08:58:25.000Z | |

na-ed-inbound-whitelisted-hosts-replace#


Replaces all the hosts on the inbound whitelist.

Base Command#

na-ed-inbound-whitelisted-hosts-replace

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| host_address | A single IPv4 or IPv6 host address or CIDR or a comma-separated list of host addresses or CIDRs to update. | Required |
| annotation | A single description that applies to all of the specified hosts or a comma-separated list of descriptions, each of which applies to a specific host. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| NetscoutAED.InboundWhitelistHost.annotation | Unknown | List of messages associated with each host in the inbound whitelisted list. |
| NetscoutAED.InboundWhitelistHost.cid | Unknown | List of central configuration IDs. |
| NetscoutAED.InboundWhitelistHost.host_address | String | IPv4 host addresses or CIDRs. |
| NetscoutAED.InboundWhitelistHost.pgid | Unknown | List of protection group IDs. |
| NetscoutAED.InboundWhitelistHost.update_time | Date | The time that the host address was added to the list. |

Command Example#

!na-ed-inbound-whitelisted-hosts-replace host_address=5.2.3.4

Context Example#

{
    "NetscoutAED": {
        "InboundWhitelistHost": {
            "annotation": [
                ""
            ],
            "cid": [
                -1
            ],
            "host_address": "5.2.3.4",
            "pgid": [
                -1
            ],
            "update_time": "2021-05-24T08:58:26.000Z"
        }
    }
}

Human Readable Output#

Hosts were successfully replaced in the inbound whitelist list

New Hosts#

| Host Address | Pgid | Cid | Update Time | Annotation |
| --- | --- | --- | --- | --- |
| 5.2.3.4 | -1 | -1 | 2021-05-24T08:58:26.000Z | |
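
Because na-ed-inbound-whitelisted-hosts-replace overwrites the whole whitelist, it helps to preview the change first. The following is an added example, not part of the integration's code: the function names are hypothetical, rejecting a mismatched annotation count is an assumption, and comparing a bare address as a /32 (or /128) network is an assumption about how entries should be matched.

```python
import ipaddress

def as_entries(context, key):
    """Return NetscoutAED[key] as a list; the page's context examples show
    a dict for one entry and a list for several, so accept both shapes."""
    value = context.get("NetscoutAED", {}).get(key, [])
    return [value] if isinstance(value, dict) else list(value)

def parse_hosts(host_address, annotation=""):
    """Validate a host_address argument and pair each host with its annotation."""
    hosts = [h.strip() for h in host_address.split(",") if h.strip()]
    if not hosts:
        raise ValueError("host_address is required")
    # ip_network raises ValueError on anything that is not an IPv4/IPv6 host or CIDR.
    networks = [ipaddress.ip_network(h, strict=False) for h in hosts]
    notes = [a.strip() for a in annotation.split(",")] if annotation else [""]
    if len(notes) == 1:
        notes *= len(networks)          # one description applies to every host
    elif len(notes) != len(networks):   # assumption: reject a mismatch up front
        raise ValueError("annotation count must be 1 or match the host count")
    return dict(zip(networks, notes))

def replace_preview(current_context, host_address, annotation=""):
    """Report what a whitelist replace would add, drop and keep (no API call)."""
    current = {ipaddress.ip_network(e["host_address"], strict=False)
               for e in as_entries(current_context, "InboundWhitelistHost")}
    proposed = set(parse_hosts(host_address, annotation))
    return {"add": sorted(str(n) for n in proposed - current),
            "drop": sorted(str(n) for n in current - proposed),
            "keep": sorted(str(n) for n in proposed & current)}

# Constructed sample: the single-entry context shape from the list example.
SAMPLE_CONTEXT = {"NetscoutAED": {"InboundWhitelistHost": {
    "annotation": [""], "cid": [-1], "host_address": "2.2.2.2",
    "pgid": [-1], "update_time": "2021-05-24T08:58:25.000Z"}}}

if __name__ == "__main__":
    print(replace_preview(SAMPLE_CONTEXT, "5.2.3.4, 10.0.0.0/8", "vpn,office"))
```

A non-empty "drop" list means the replace would remove hosts that are currently whitelisted; review those entries before running the command.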

na-ed-inbound-whitelisted-hosts-remove#


Removes one or more hosts or CIDRs from the whitelist for a specific protection group or for all protection groups.

Base Command#

na-ed-inbound-whitelisted-hosts-remove

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| host_address | A single IPv4 or IPv6 host address or CIDR, or a comma-separated list of host addresses or CIDRs to remove. | Required |

Context Output#

There is no context output for this command.

Command Example#

!na-ed-inbound-whitelisted-hosts-remove host_address=5.2.3.4

Human Readable Output#

Hosts were successfully removed from the inbound whitelist list

na-ed-inbound-blacklisted-domains-list#


Gets the blacklisted domains. By default, 10 blacklisted domains are returned. To return blacklisted domains for specific protection groups, specify a list of protection group IDs or central configuration IDs. An ID of -1 selects domains that are globally blacklisted.

Base Command#

na-ed-inbound-blacklisted-domains-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| cid | Comma-separated list of central configuration IDs. Cannot be used with the pgid parameter. | Optional |
| pgid | Comma-separated list of protection group IDs. Cannot be used with the cid parameter. | Optional |
| domain | Comma-separated list of domains. | Optional |
| query | Search strings, separated by “+”, to filter the results (for example: "AZ+BS"). | Optional |
| page | The page of the results to return. | Optional |
| limit | The maximum number of results to retrieve. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| NetscoutAED.InboundBlacklistDomain.annotation | Unknown | List of messages associated with each domain in the inbound blacklist. |
| NetscoutAED.InboundBlacklistDomain.cid | Unknown | List of central configuration IDs. |
| NetscoutAED.InboundBlacklistDomain.domain | String | Domain name. |
| NetscoutAED.InboundBlacklistDomain.pgid | Unknown | List of protection group IDs. |
| NetscoutAED.InboundBlacklistDomain.update_time | Date | The time that the domain was added to the list. |

Command Example#

!na-ed-inbound-blacklisted-domains-list

Context Example#

{
    "NetscoutAED": {
        "InboundBlacklistDomain": [
            {
                "annotation": [
                    "try1"
                ],
                "cid": [
                    -1
                ],
                "domain": "sport.co.il",
                "pgid": [
                    -1
                ],
                "update_time": "2021-03-15T16:00:24.000Z"
            },
            {
                "annotation": [],
                "cid": [
                    -1
                ],
                "domain": "sport.com",
                "pgid": [
                    -1
                ],
                "update_time": "2021-03-18T17:25:26.000Z"
            },
            {
                "annotation": [],
                "cid": [
                    -1
                ],
                "domain": "ynet.com",
                "pgid": [
                    -1
                ],
                "update_time": "2021-03-18T16:49:50.000Z"
            }
        ]
    }
}

Human Readable Output#

Blacklisted Domains#

| Domain | Pgid | Cid | Update Time | Annotation |
| --- | --- | --- | --- | --- |
| sport.co.il | -1 | -1 | 2021-03-15T16:00:24.000Z | try1 |
| sport.com | -1 | -1 | 2021-03-18T17:25:26.000Z | |
| ynet.com | -1 | -1 | 2021-03-18T16:49:50.000Z | |

na-ed-inbound-blacklisted-domains-add#


Adds one or more domains to the blacklist by pgid or cid.

Base Command#

na-ed-inbound-blacklisted-domains-add

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| cid | A specific central configuration ID or -1 for global. Cannot be used with the pgid parameter. | Optional |
| pgid | A specific protection group ID or -1 for global. Cannot be used with the cid parameter. | Optional |
| domain | Domain name or a comma-separated list of domain names. | Required |
| annotation | A message to associate with each domain that you add to the blacklist. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| NetscoutAED.InboundBlacklistDomain.annotation | Unknown | List of messages associated with each domain in the inbound blacklist. |
| NetscoutAED.InboundBlacklistDomain.cid | Unknown | List of central configuration IDs. |
| NetscoutAED.InboundBlacklistDomain.domain | String | Domain name. |
| NetscoutAED.InboundBlacklistDomain.pgid | Unknown | List of protection group IDs. |
| NetscoutAED.InboundBlacklistDomain.update_time | Unknown | The time that the domain was added to the list. |

Command Example#

!na-ed-inbound-blacklisted-domains-add domain=goo.com

Context Example#

{
    "NetscoutAED": {
        "InboundBlacklistDomain": {
            "annotation": [],
            "cid": [
                -1
            ],
            "domain": "goo.com",
            "pgid": [
                -1
            ],
            "update_time": "2021-05-24T08:58:34.000Z"
        }
    }
}

Human Readable Output#

Domains were successfully added to the inbound blacklisted list

Added Domains#

| Domain | Pgid | Cid | Update Time |
| --- | --- | --- | --- |
| goo.com | -1 | -1 | 2021-05-24T08:58:34.000Z |

na-ed-inbound-blacklisted-domains-remove#


Removes one or more domains from the blacklist for a specific protection group or for all protection groups.

Base Command#

na-ed-inbound-blacklisted-domains-remove

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Domain name or a comma-separated list of domain names. | Required |

Context Output#

There is no context output for this command.

Command Example#

!na-ed-inbound-blacklisted-domains-remove domain=goo.com

Human Readable Output#

Domains were successfully removed from the inbound blacklisted list

na-ed-inbound-blacklisted-urls-list#


Gets the blacklisted URLs. By default, 10 blacklisted URLs are returned. To return blacklisted URLs for specific protection groups, specify a list of protection group IDs or central configuration IDs. An ID of -1 selects URLs that are globally blacklisted.

Base Command#

na-ed-inbound-blacklisted-urls-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| cid | Comma-separated list of central configuration IDs. Cannot be used with the pgid parameter. | Optional |
| pgid | Comma-separated list of protection group IDs. Cannot be used with the cid parameter. | Optional |
| url | Comma-separated list of URLs. | Optional |
| query | Search strings, separated by “+”, to filter the results (for example: "AZ+BS"). | Optional |
| page | The page of the results to return. | Optional |
| limit | The maximum number of results to retrieve. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| NetscoutAED.InboundBlacklistUrl.annotation | Unknown | List of messages associated with each URL in the inbound blacklist. |
| NetscoutAED.InboundBlacklistUrl.cid | Unknown | List of central configuration IDs. |
| NetscoutAED.InboundBlacklistUrl.url | String | URL address. |
| NetscoutAED.InboundBlacklistUrl.pgid | Unknown | List of protection group IDs. |
| NetscoutAED.InboundBlacklistUrl.update_time | Date | The time that the URL was added to the list. |

Command Example#

!na-ed-inbound-blacklisted-urls-list limit=3

Context Example#

{
    "NetscoutAED": {
        "InboundBlacklistUrl": [
            {
                "annotation": [],
                "cid": [
                    -1
                ],
                "pgid": [
                    -1
                ],
                "update_time": "2021-03-18T16:52:26.000Z",
                "url": "google.com"
            },
            {
                "annotation": [
                    "Google Maps"
                ],
                "cid": [
                    -1
                ],
                "pgid": [
                    -1
                ],
                "update_time": "2021-03-18T18:08:39.000Z",
                "url": "maps.google.com"
            },
            {
                "annotation": [
                    "Google Maps"
                ],
                "cid": [
                    -1
                ],
                "pgid": [
                    -1
                ],
                "update_time": "2021-03-18T18:08:27.000Z",
                "url": "maps.google.com/sport.com"
            }
        ]
    }
}

Human Readable Output#

Blacklisted URLs#

| Url | Pgid | Cid | Update Time | Annotation |
| --- | --- | --- | --- | --- |
| google.com | -1 | -1 | 2021-03-18T16:52:26.000Z | |
| maps.google.com | -1 | -1 | 2021-03-18T18:08:39.000Z | Google Maps |
| maps.google.com/sport.com | -1 | -1 | 2021-03-18T18:08:27.000Z | Google Maps |

na-ed-inbound-blacklisted-urls-add#


Adds one or more URLs to the blacklist by pgid or cid.

Base Command#

na-ed-inbound-blacklisted-urls-add

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| cid | A specific central configuration ID or -1 for global. Cannot be used with the pgid parameter. | Optional |
| pgid | A specific protection group ID or -1 for global. Cannot be used with the cid parameter. | Optional |
| url | URL or a comma-separated list of URLs to add. | Required |
| annotation | A message to associate with each URL that you add to the blacklist. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| NetscoutAED.InboundBlacklistUrl.annotation | Unknown | List of messages associated with each URL in the inbound blacklist. |
| NetscoutAED.InboundBlacklistUrl.cid | Unknown | List of central configuration IDs. |
| NetscoutAED.InboundBlacklistUrl.url | String | URL address. |
| NetscoutAED.InboundBlacklistUrl.pgid | Unknown | List of protection group IDs. |
| NetscoutAED.InboundBlacklistUrl.update_time | Date | The time that the URL was added to the list. |

Command Example#

!na-ed-inbound-blacklisted-urls-add url=www.goo.com

Context Example#

{
    "NetscoutAED": {
        "InboundBlacklistUrl": {
            "annotation": [],
            "cid": [
                -1
            ],
            "pgid": [
                -1
            ],
            "update_time": "2021-05-24T08:58:39.000Z",
            "url": "www.goo.com"
        }
    }
}

Human Readable Output#

Urls were successfully added to the inbound blacklisted list

Added Urls#

| Url | Pgid | Cid | Update Time |
| --- | --- | --- | --- |
| www.goo.com | -1 | -1 | 2021-05-24T08:58:39.000Z |

na-ed-inbound-blacklisted-urls-remove#


Removes one or more URLs from the blacklist for a specific protection group or for all protection groups.

Base Command#

na-ed-inbound-blacklisted-urls-remove

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| url | URL or a comma-separated list of URLs. | Required |

Context Output#

There is no context output for this command.

Command Example#

!na-ed-inbound-blacklisted-urls-remove url=www.goo.com

Human Readable Output#

Urls were successfully removed from the inbound blacklisted list

na-ed-outbound-whitelisted-hosts-remove#


Removes one or more hosts or CIDRs from the outbound whitelist.

Base Command#

na-ed-outbound-whitelisted-hosts-remove

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| host_address | A single IPv4 host address or CIDR, or a comma-separated list of IPv4 host addresses or CIDRs to remove. | Required |

Context Output#

There is no context output for this command.

Command Example#

!na-ed-outbound-whitelisted-hosts-remove host_address=3.3.3.3

Human Readable Output#

Hosts were successfully removed from the outbound whitelist list