NETSCOUT Arbor Edge Defense
App Vendor: NETSCOUT
App Category: Data Enrichment and Threat Intelligence
Connector Version: 1.0.0
API Version: 1.0.0
Note
This app is currently released as a beta version.
About App
NETSCOUT Arbor Edge Defense is an inline security appliance deployed at the network perimeter that can automatically detect and block inbound threats and outbound malicious communication using highly scalable, stateless technology and unique, global threat intelligence.
The NETSCOUT Arbor Edge Defense app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Add Domains to Blocklist | This action adds one or more domains to the blocklist. |
Add Hosts to Inbound Allowlist | This action adds hosts to the inbound allowlist. |
Add Inbound Blocklisted Countries | This action adds one or more countries to the inbound blocklist. |
Add Inbound Blocklisted Hosts | This action adds one or more hosts to the inbound blocklisted list. |
Add Outbound Blocklisted Countries | This action adds one or more countries to the outbound blocklist. |
Add URLs to Blocklist | This action adds one or more URLs to the blocklist. |
Get Inbound Blocklisted Countries | This action retrieves the inbound blocklisted countries |
Get Inbound Blocklisted URL List | This action retrieves the inbound blocklisted URLs. |
Get Outbound Blocklisted Countries | This action retrieves the outbound blocklisted countries. |
List Blocklisted Domains | This action lists blocklisted domains. |
List Country Codes | This action retrieves a country or list of countries (country name and ISO-standardized country code). |
List Hosts on Inbound Allowlist | This action lists the hosts in the inbound allowlist. |
List Inbound Blocklisted Hosts | This action lists the inbound blocklisted hosts. |
List Protection Groups | This action lists protection groups. |
Remove Domains from Blocklist | This action removes one or more domains from the block list for a specific protection group or for all protection groups. |
Remove Hosts from Inbound Allowlist | This action removes one or more hosts or CIDRs from the allowlist for a specific protection group or for all protection groups. |
Remove Inbound Blocklisted Countries | This action removes countries from the inbound blocklist. |
Remove Inbound Blocklisted Hosts | This action removes hosts from the inbound blocklist. |
Remove Outbound Allowed Hosts | This action removes hosts from the outbound allowlist. |
Remove Outbound Blocklisted Countries | This action removes countries from the outbound blocklist. |
Remove URLs from Blocklist | Removes one or more URLs from the blocklist for a specific protection group or for all protection groups. |
Replace Inbound Allowed Hosts | This action replaces hosts on the inbound allowed list. |
Replace Inbound Blocklisted Hosts | This action replaces inbound blocklisted hosts. |
Replace Outbound Allowed Hosts | This action replaces hosts in the outbound allowlist. |
Replace Outbound Blocklisted Hosts | This action replaces hosts in the outbound blocklist. |
Generic Action | This is a generic action used to make requests to any NETSCOUT Arbor Edge Defense endpoint. |
Configuration Parameters
The following configuration parameters are required for the NETSCOUT Arbor Edge Defense app to communicate with the NETSCOUT Arbor Edge Defense enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the arbor edge defense base URL. | Text | Required | |
API Token | Enter the API token. | Password | Required | |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection. | Boolean | Optional | By default, verification is not enabled. |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with NETSCOUT Arbor Edge Defense. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Action: Add Domains to Blocklist
This action adds one or more domains to the blocklist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain | Enter the domain name or a comma-separated list of domain names to be added to the blocklist. | Text | Required | |
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | Enter -1 to add the domain to the global blocklist. |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | You can retrieve this using the action List Protection Groups. Enter -1 to add the domain to the global blocklist. |
Extra Params | Enter any additional parameters to add domains to blocklist. | Key Value | Optional | Allowed key: annotation |
Action: Add Hosts to Inbound Allowlist
This action adds hosts to the inbound allowlist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Host Address | Enter a single IPv4 or IPv6 host address or CIDR or a comma-separated list of host addresses or CIDRs. | Text | Required | |
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | You can retrieve this using the action List Protection Groups. |
Extra Params | Enter any additional parameters to add hosts to the inbound allowlist. | Key Value | Optional | Allowed key: annotation |
Action: Add Inbound Blocklisted Countries
This action adds one or more countries to the inbound blocklist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Country | Enter an ISO-standardized country code or a comma-separated list of country codes. | Text | Required | You can retrieve this using the action List Country Codes. |
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | Enter -1 to add the country to the global blocklist. |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | You can retrieve this using the action List Protection Groups. Enter -1 to add the country to the global blocklist. |
Extra Params | Enter any additional parameters. | Key Value | Optional | Allowed key: annotation |
Action: Add Inbound Blocklisted Hosts
This action adds one or more hosts to the inbound blocklisted list.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Host Address | Enter a single IPv4 or IPv6 host address or CIDR, or a comma-separated list of host addresses or CIDRs. | List | Required | |
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | You can retrieve this using the action List Protection Groups. |
Extra Params | Enter any additional parameters to add hosts. | Key Value | Optional | Allowed key: annotation |
Action: Add Outbound Blocklisted Countries
This action adds one or more countries to the outbound blocklist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Country | Enter an ISO-standardized country code or a comma-separated list of country codes. | Text | Required | You can retrieve this using the action List Country Codes. |
Extra Params | Enter any additional parameters to add countries to outbound blocklist. | Key Value | Optional | Allowed key: annotation |
Action: Add URLs to Blocklist
This action adds one or more URLs to the blocklist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL List | Enter the URL or a comma-separated list of URLs to add. | Text | Required | |
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | Enter -1 to add URLs to the global blocklist. |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | You can retrieve this using the action List Protection Groups. Enter -1 to add URLs to the global blocklist. |
Extra Params | Enter any additional parameters to add URLs to the blocklist. | Key Value | Optional | Allowed key: annotation |
Action: Get Inbound Blocklisted Countries
This action retrieves the inbound blocklisted countries.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | List | Optional | Enter -1 to retrieve globally blocklisted countries. |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | List | Optional | You can retrieve this using the action List Protection Groups. |
Extra Params | Enter any additional parameters to retrieve the inbound blocklisted countries. | Key Value | Optional | Allowed keys: country, updatetime, q, select, sort |
Results per Page | Enter the number of results to be returned on each page. | Integer | Optional | Default value: 10 |
Direction | Enter the direction to sort the response. | Text | Optional | Allowed values: asc and desc |
Page | Enter the page number to retrieve results from. | Integer | Optional |
Action: Get Inbound Blocklisted URL List
This action retrieves the inbound blocklisted URLs.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | List | Optional | Enter -1 to retrieve globally blocklisted URLs. |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | List | Optional | You can retrieve this using the action List Protection Groups. |
Extra Params | Enter any additional parameters to retrieve inbound blocklisted URLs. | Key Value | Optional | |
Results per Page | Enter the number of results to be returned on each page. | Integer | Optional | Default value: 10 |
Direction | Enter the direction to sort the response. | Text | Optional | Allowed values: asc, desc |
Page | Enter the page number to retrieve results from. | Integer | Optional |
Action: Get Outbound Blocklisted Countries
This action retrieves the outbound blocklisted countries.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Extra Params | Enter any additional parameters to retrieve outbound blocklisted countries. | Key Value | Optional | Allowed keys: country, updatetime, q, select, sort |
Results per Page | Enter the number of results to retrieve on each page. | Integer | Optional | Default value: 10 |
Direction | Enter the direction to sort the response. | Text | Optional | Allowed values: asc, desc Default value: asc |
Page | Enter the page number to retrieve results from. | Integer | Optional |
Action: List Blocklisted Domains
This action lists blocklisted domains.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | List | Optional | Enter -1 to list globally blocklisted domains. |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | List | Optional | You can retrieve this using the action List Protection Groups. |
Extra Params | Enter any additional parameters to list blocklisted domains. | Key Value | Optional | |
Results per Page | Enter the number of results to retrieve on each page. | Integer | Optional | Default value: 10 |
Direction | Enter the direction to sort the response. | Text | Optional | Allowed values: asc, desc |
Page | Enter the page number to retrieve results from. | Integer | Optional |
Action: List Country Codes
This action retrieves a country or list of countries.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Extra Parameters | Enter the extra parameters to list country codes. | Key Value | Optional | Allowed keys: sort, q, select, direction, page, perpage |
Action: List Hosts on Inbound Allowlist
This action lists the hosts from the inbound allowlist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | List | Optional | Enter -1 to list globally allowed hosts. |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | List | Optional | You can retrieve this using the action List Protection Groups. |
Extra Params | Enter any additional parameters for listing. | Key Value | Optional | Allowed keys: sort, q, select, direction, page, perpage |
Results per Page | Enter the number of results to be retrieved on each page. | Integer | Optional | Default value: 10 |
Direction | Enter the direction to sort the response. | Text | Optional | Allowed value: asc, desc |
Page | Enter the page number to retrieve results from. | Integer | Optional |
Action: List Inbound Blocklisted Hosts
This action gets the inbound blocklisted hosts
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | List | Optional | Enter -1 to list globally blocklisted hosts. |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | List | Optional | You can retrieve this using the action List Protection Groups. |
Extra Params | Enter any additional parameters to list inbound blacklisted hosts. | Key Value | Optional | Allowed keys: country, updatetime, q, select, sort |
Results per Page | Enter the number of results to retrieve on each page. | Integer | Optional | Default value: 10 |
Direction | Enter the direction to sort the response. | Text | Optional | Allowed values: asc, desc |
Page | Enter the page number to retrieve results from. | Integer | Optional |
Action: List Protection Groups
This action lists protection groups.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Extra Params | Enter any additional parameters to list protection groups. | Key Value | Optional | Allowed keys: pgid, name, active, query |
Action: Remove Domains from Blocklist
This action removes one or more domains from the block list for a specific protection group or for all protection groups.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain | Enter the domain name or a comma-separated list of domain names to be removed from the block list. | Text | Required | |
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | You can retrieve this using the action List Protection Groups. |
Extra Params | Enter any additional parameters. | Key Value | Optional |
Action: Remove Hosts from Inbound Allowlist
This action removes one or more hosts or CIDRs from the allowlist for a specific protection group or for all protection groups
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Host Address | Enter the IPv4 or IPv6 host address or CIDR, or a comma-separated list of host addresses or CIDRs to remove. | Text | Required | |
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | You can retrieve this using the action List Protection Groups. |
Extra Params | Enter any additional parameters. | Key Value | Optional |
Action: Remove Inbound Blocklisted Countries
This action removes countries from the inbound blocklist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Country | Enter an ISO-standardized country code or a comma-separated list of country codes. | Text | Required | You can retrieve this using the action List Country Codes. |
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | You can retrieve this using the action List Protection Groups. |
Action: Remove Inbound Blocklisted Hosts
This action removes hosts from the inbound blocklist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Host Address | Enter a single IPv4 or IPv6 host address or CIDR, or a comma-separated list of host addresses or CIDRs. | Text | Optional | You can retrieve this using the action List Inbound Blocklisted Hosts. |
Extra Params | Enter any additional parameters. | Key Value | Optional |
Action: Remove Outbound Allowed Hosts
This action removes hosts from the outbound allowlist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Host Address | Enter an IPv4 host address or CIDR, or a comma-separated list of IPv4 host addresses or CIDRs to remove. | List | Required |
Action: Remove Outbound Blocklisted Countries
This action removes countries from the outbound blocklist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Country | Enter an ISO-standardized country code or a comma-separated list of country codes. | Text | Required | You can retrieve this using the action List Country Codes. |
Action: Remove URLs from Blocklist
This action removes one or more URLs from the blocklist for a specific protection group or for all protection groups.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL List | Enter the URL or a comma-separated list of URLs to remove. | Text | Required | |
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | You can retrieve this using the action List Protection Groups. |
Action: Replace Inbound Allowed Hosts
This action replaces hosts on the inbound allowed list.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Host Address | Enter a single IPv4 or IPv6 host address or CIDR, or a comma-separated list of host addresses or CIDRs to update. | List | Required | |
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | You can retrieve this using the action List Protection Groups. |
Extra Params | Enter any additional parameters. | Key Value | Optional |
Action: Replace Inbound Blocklisted Hosts
This action replaces inbound blocklisted hosts.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Host Address | Enter a single IPv4 or IPv6 host address or CIDR, or a comma-separated list of host addresses or CIDRs. | List | Required | |
Configuration ID | Enter a comma-separated list of central configuration IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | |
Protection Group ID | Enter a comma-separated list of protection group IDs. You can either enter the configuration ID or the protection group ID. | Integer | Optional | You can retrieve this using the action List Protection Groups. |
Extra Params | Enter any additional parameters. | Key Value | Optional |
Action: Replace Outbound Allowed Hosts
This action replaces hosts in the outbound allowlist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Host Address | Enter a single IPv4 host address or CIDR, or a comma-separated list of IPv4 host addresses or CIDRs to update. | List | Required | |
Extra Params | Enter any additional parameters. | Key Value | Optional |
Action: Replace Outbound Blocklisted Hosts
This action replaces hosts in the outbound blocklist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Host Address | Enter a single IPv4 host address or CIDR, or a comma-separated list of IPv4 host addresses or CIDRs to update. | List | Required | |
Extra Params | Enter any additional parameters. | Key Value | Optional |
Action: Generic Action
This is a generic action used to make requests to any NETSCOUT Arbor Edge Defense endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request. | Text | Required | |
Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Key Value | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_data, download, files, filename, retry_wait, retry_count, custom_output, response_type |