{ "info": { "_postman_id": "2cc71c90-35c7-4143-84c0-3aa01a15b10a", "name": "ATCFW API v2.0", "description": "ActiveTrust Cloud is an extension of the ActiveTrust Suite that provides visibility into infected and compromised off-premises devices, roaming users, remote sites, and branch offices. You can subscribe to Infoblox ActiveTrust Cloud and use its functionality to mitigate and control malware as well as provide unprecedented insight into your network security posture and enable timely action. ActiveTrust Cloud also offers unified policy management, reporting, and threat analytics across the entire spectrum. Using automated and high-quality threat intelligence feeds and unique behavioral analytics, it automatically stops device communications with C&Cs/botnets and prevents DNS based data exfiltration.\n\nThe mission-critical DNS infrastructure can become a vulnerable component in your network when it is inadequately protected by traditional security solutions and consequently used as an attack surface. Compromised DNS services can result in catastrophic network and system failures. To fully protect your network in today’s cyber security threat environment, Infoblox sets a new DNS security standard by offering scalable, enterprise-grade, and integrated protection for your DNS infrastructure.\n\nInfoblox ActiveTrust Cloud is an extension of the ActiveTrust Suite that provides visibility into infected and compromised off-premises devices, roaming users, remote sites, and branch offices. You can subscribe to Infoblox ActiveTrust Cloud and use its functionality to mitigate and control malware as well as provide unprecedented insight into your network security posture and enable timely action. ActiveTrust Cloud also offers unified policy management, reporting, and threat analytics across the entire spectrum. Using automated and high-quality threat intelligence feeds and unique behavioral analytics, it automatically stops device communications with C&Cs/botnets and prevents DNS based data exfiltration.\n\nThrough the Infoblox Cloud Services Portal, you can view the status of your subscription and threat intelligence feeds, manage your network scope and roaming end users, and learn more about threats on your networks through the Infoblox Threat Lookup tool and predefined reports.\n", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, "item": [ { "name": "bypass_domains", "item": [ { "name": "Read Bypass Domains.", "request": { "method": "GET", "header": [ { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/bypass_domains", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "bypass_domains" ] }, "description": "Use this method to retrieve information on all bypassed domains for the account.\n\nWhen you use ActiveTrust Endpoint, DNS queries are sent to ActiveTrust Cloud directly except for queries that target the bypassed domains and internal domains collected through the DHCP server. If you have internal domains that are served by local DNS servers and you want to reach them without interruptions, you should consider adding them to the bypassed internal domains list so that DNS queries for these internal domains are sent to the local DNS servers instead of ActiveTrust Cloud." }, "response": [] }, { "name": "Update Bypass Domains.", "request": { "method": "PUT", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "The list of bypassed domain names." }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/bypass_domains", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "bypass_domains" ] }, "description": "Use this method to replace the entire list of bypass domains and addresses for the account with the new list specified in the HTTP body.\n\nWhen you use ActiveTrust Endpoint, DNS queries are sent to ActiveTrust Cloud directly except for queries that target the bypassed domains and internal domains collected through the DHCP server. If you have internal domains that are served by local DNS servers and you want to reach them without interruptions, you should consider adding them to the bypassed internal domains list so that DNS queries for these internal domains are sent to the local DNS servers instead of ActiveTrust Cloud." }, "response": [] } ], "description": "Folder for bypass_domains" }, { "name": "category_filters", "item": [ { "name": "List Category Filters.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text", "sessionValue": "" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/category_filters", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "category_filters" ] }, "description": "Use this method to retrieve information on all Category Filter objects for the account.\n\nCategory filters are content categorization rules that ActiveTrust Cloud uses to detect and filter specific internet content. Based on your configuration, specific actions such as Allow or Block, will be taken on the detected content. ActiveTrust Cloud provides the following content categories from which you can build your category filters: Drugs, Risk/Fraud/Crime, Entertainment/Culture, Purchasing, Information/Communication, Business/Services, Information Technology, Lifestyle, Society/Education/Religion, Mature/Violent, Games/Gambling, and Pornography/Nudity. Each of these categories contains sub-categories that further define the respective content. When you configure your category filter, you can add as many categories and sub-categories as you need. You then add the category filter to your security policy and assign the Block action for the filter." }, "response": [] }, { "name": "Create Category Filter.", "request": { "method": "POST", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "The Category Filter object." }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/category_filters", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "category_filters" ] }, "description": "Use this method to create a Category Filter object.\n\nCategory filters are content categorization rules that ActiveTrust Cloud uses to detect and filter specific internet content. Based on your configuration, specific actions such as Allow or Block, will be taken on the detected content. ActiveTrust Cloud provides the following content categories from which you can build your category filters: Drugs, Risk/Fraud/Crime, Entertainment/Culture, Purchasing, Information/Communication, Business/Services, Information Technology, Lifestyle, Society/Education/Religion, Mature/Violent, Games/Gambling, and Pornography/Nudity. Each of these categories contains sub-categories that further define the respective content. When you configure your category filter, you can add as many categories and sub-categories as you need. You then add the category filter to your security policy and assign the Block action for the filter.\n\nRequired:\n- name\n- categories\n\nValidation:\n\n| code | description |\n| ---- | -------------------------------------------------------------------------------- |\n| 400 | \"name\" length cannot exceed 256 characters limit |\n| 400 | \"name\" value must be unique among category filters belonging to the same account |\n| 400 | \"name\" value cannot be equal to any of reserved* names |\n| 400 | \"description\" length cannot exceed 256 characters limit |\n| 400 | \"categories\" value must not be empty |\n| 404 | \"categories\" value must contain existing content categories |\n\n\\* - set of reserved names includes following items: \"All ActiveTrust Endpoints (Default)\", \"All Networks (Default)\", \"All DNS Forwarder Proxies (Default)\", \"Threat Insight - Fast Flux\", \"Threat Insight - DNS Messenger\", \"Threat Insight - DGA\", \"Threat Insight - Data Exfiltration\"." }, "response": [] }, { "name": "Delete Category Filters.", "request": { "method": "DELETE", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/category_filters", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "category_filters" ] }, "description": "Use this method to delete Category Filter objects. Deletion of multiple lists is an all-or-nothing operation (if any of the specified lists can not be deleted then none of the specified lists will be deleted).\n\nCategory filters are content categorization rules that ActiveTrust Cloud uses to detect and filter specific internet content. Based on your configuration, specific actions such as Allow or Block, will be taken on the detected content. ActiveTrust Cloud provides the following content categories from which you can build your category filters: Drugs, Risk/Fraud/Crime, Entertainment/Culture, Purchasing, Information/Communication, Business/Services, Information Technology, Lifestyle, Society/Education/Religion, Mature/Violent, Games/Gambling, and Pornography/Nudity. Each of these categories contains sub-categories that further define the respective content. When you configure your category filter, you can add as many categories and sub-categories as you need. You then add the category filter to your security policy and assign the Block action for the filter.\n\nRequired:\n- ids\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------------- |\n| 400 | \"ids\" value must be non-empty |\n| 400 | \"ids\" value must contain unique elements |\n| 400 | \"ids\" value must contain values that are greater than or equal to zero |\n| 412 | category filters assigned to a security policy cannot be deleted |" }, "response": [] }, { "name": "Read Category Filter.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/category_filters/:id", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "category_filters", ":id" ], "variable": [ { "key": "id", "value": "{{id}}" } ] }, "description": "Use this method to retrieve information on the specified Category Filter object.\n\nCategory filters are content categorization rules that ActiveTrust Cloud uses to detect and filter specific internet content. Based on your configuration, specific actions such as Allow or Block, will be taken on the detected content. ActiveTrust Cloud provides the following content categories from which you can build your category filters: Drugs, Risk/Fraud/Crime, Entertainment/Culture, Purchasing, Information/Communication, Business/Services, Information Technology, Lifestyle, Society/Education/Religion, Mature/Violent, Games/Gambling, and Pornography/Nudity. Each of these categories contains sub-categories that further define the respective content. When you configure your category filter, you can add as many categories and sub-categories as you need. You then add the category filter to your security policy and assign the Block action for the filter." }, "response": [] }, { "name": "Update Category Filter.", "request": { "method": "PUT", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "The Category Filter object." }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/category_filters/:id", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "category_filters", ":id" ], "variable": [ { "key": "id", "value": "{{id}}" } ] }, "description": "Use this method to update the specified Category Filter object.\n\nCategory filters are content categorization rules that ActiveTrust Cloud uses to detect and filter specific internet content. Based on your configuration, specific actions such as Allow or Block, will be taken on the detected content. ActiveTrust Cloud provides the following content categories from which you can build your category filters: Drugs, Risk/Fraud/Crime, Entertainment/Culture, Purchasing, Information/Communication, Business/Services, Information Technology, Lifestyle, Society/Education/Religion, Mature/Violent, Games/Gambling, and Pornography/Nudity. Each of these categories contains sub-categories that further define the respective content. When you configure your category filter, you can add as many categories and sub-categories as you need. You then add the category filter to your security policy and assign the Block action for the filter.\n\nRequired:\n- name\n- categories\n\nValidation:\n\n| code | description |\n| ---- | -------------------------------------------------------------------------------- |\n| 400 | \"name\" length cannot exceed 256 characters limit |\n| 400 | \"name\" value must be unique among category filters belonging to the same account |\n| 400 | \"name\" value cannot be equal to any of reserved* names |\n| 400 | \"description\" length cannot exceed 256 characters limit |\n| 400 | \"categories\" value must not be empty |\n| 404 | \"categories\" value must contain existing content categories |\n\n\\* - set of reserved names includes following items: \"All ActiveTrust Endpoints (Default)\", \"All Networks (Default)\", \"All DNS Forwarder Proxies (Default)\", \"Threat Insight - Fast Flux\", \"Threat Insight - DNS Messenger\", \"Threat Insight - DGA\", \"Threat Insight - Data Exfiltration\"." }, "response": [] } ], "description": "Folder for category_filters" }, { "name": "content_categories", "item": [ { "name": "List Content Categories.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/content_categories", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "content_categories" ] }, "description": "Use this method to retrieve information on all Content Category objects for the account.\n\nThe Content Category object represents a specific internet content and used to configure category filters. Based on your configuration, specific actions such as Allow or Block, will be taken on the detected content. ActiveTrust Cloud provides the following content categories from which you can build your category filters: Drugs, Risk/Fraud/Crime, Entertainment/Culture, Purchasing, Information/Communication, Business/Services, Information Technology, Lifestyle, Society/Education/Religion, Mature/Violent, Games/Gambling, and Pornography/Nudity. Each of these categories contains sub-categories that further define the respective content. When you configure your category filter, you can add as many categories and sub-categories as you need." }, "response": [] } ], "description": "Folder for content_categories" }, { "name": "custom_redirects", "item": [ { "name": "List Custom Redirects.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/custom_redirects", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "custom_redirects" ] }, "description": "Use this method to retrieve information on all Custom Redirect objects for the account.\n\nYou can configure ActiveTrust Cloud to redirect traffic to the Infoblox redirect page or a custom redirect destination. ActiveTrust Cloud allows you to apply multiple redirect actions and integrate ActiveTrust Cloud with third-party proxies, secure web gateways, blackholes, honeypots and sinkhole solutions." }, "response": [] }, { "name": "Create Custom Redirect.", "request": { "method": "POST", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "The Custom Redirect object." }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/custom_redirects", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "custom_redirects" ] }, "description": "Use this method to create a Custom Redirect object.\n\nYou can configure ActiveTrust Cloud to redirect traffic to the Infoblox redirect page or a custom redirect destination. ActiveTrust Cloud allows you to apply multiple redirect actions and integrate ActiveTrust Cloud with third-party proxies, secure web gateways, blackholes, honeypots and sinkhole solutions.\n\nRequired:\n- name\n- data\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------------- |\n| 400 | \"name\" length cannot exceed 256 characters limit |\n| 400 | \"name\" value must be unique among custom lists belonging to the same account |\n| 400 | \"data\" must contain a valid IPv4 address or domain name |" }, "response": [] }, { "name": "Delete Custom Redirect.", "request": { "method": "DELETE", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/custom_redirects", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "custom_redirects" ] }, "description": "Use this method to delete Custom Redirect objects. Deletion of multiple lists is an all-or-nothing operation (if any of the specified lists can not be deleted then none of the specified lists will be deleted).\n\nYou can configure ActiveTrust Cloud to redirect traffic to the Infoblox redirect page or a custom redirect destination. ActiveTrust Cloud allows you to apply multiple redirect actions and integrate ActiveTrust Cloud with third-party proxies, secure web gateways, blackholes, honeypots and sinkhole solutions.\n\nRequired:\n- ids\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------------- |\n| 400 | \"ids\" value must be non-empty |\n| 400 | \"ids\" value must contain unique elements |\n| 400 | \"ids\" value must contain values that are greater than or equal to zero |\n| 412 | Custom redirect assigned to a security policy cannot be deleted |" }, "response": [] }, { "name": "Read Custom Redirect.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/custom_redirects/:id", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "custom_redirects", ":id" ], "variable": [ { "key": "id", "value": "{{id}}" } ] }, "description": "Use this method to retrieve information on the specified Custom Redirect object.\n\nYou can configure ActiveTrust Cloud to redirect traffic to the Infoblox redirect page or a custom redirect destination. ActiveTrust Cloud allows you to apply multiple redirect actions and integrate ActiveTrust Cloud with third-party proxies, secure web gateways, blackholes, honeypots and sinkhole solutions." }, "response": [] }, { "name": "Update Custom Redirect.", "request": { "method": "PUT", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "The Custom Redirect object." }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/custom_redirects/:id", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "custom_redirects", ":id" ], "variable": [ { "key": "id", "value": "{{id}}" } ] }, "description": "Use this method to update a specified Custom Redirect object.\n\nYou can configure ActiveTrust Cloud to redirect traffic to the Infoblox redirect page or a custom redirect destination. ActiveTrust Cloud allows you to apply multiple redirect actions and integrate ActiveTrust Cloud with third-party proxies, secure web gateways, blackholes, honeypots and sinkhole solutions.\n\nRequired:\n- name\n- data\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------------- |\n| 400 | \"name\" length cannot exceed 256 characters limit |\n| 400 | \"name\" value must be unique among custom lists belonging to the same account |\n| 400 | \"data\" must contain a valid IPv4 address or domain name |" }, "response": [] } ], "description": "Folder for custom_redirects" }, { "name": "named_lists", "item": [ { "name": "List Named Lists.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/named_lists", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "named_lists" ] }, "description": "Use this method to retrieve information on all Named List objects for the account. Note that list items are not returned for this operation.\n\nThe Named List object represents several types of lists allowed for ActiveTrust Cloud such as predefined threat intelligence feeds that your subscription offers (Threat Insight, Fast Flux, DGA, DNSM). In addition to the predefined threat intelligence feeds that your subscription offers, you can create custom lists (containing domains and IP addresses) to define whitelists and blacklists for additional protection. You can use a custom list to complement existing feeds or override the Block, Allow, Log, or Redirect action that is currently defined for an existing feed. Note that lists representing predefined TI feeds cannot be created, updated and deleted." }, "response": [] }, { "name": "Create Named List.", "request": { "method": "POST", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "The Named List object." }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/named_lists", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "named_lists" ] }, "description": "Use this method to create a Named List object.\n\nThe Named List object represents several types of lists allowed for ActiveTrust Cloud such as predefined threat intelligence feeds that your subscription offers (Threat Insight, Fast Flux, DGA, DNSM). In addition to the predefined threat intelligence feeds that your subscription offers, you can create custom lists (containing domains and IP addresses) to define whitelists and blacklists for additional protection. You can use a custom list to complement existing feeds or override the Block, Allow, Log, or Redirect action that is currently defined for an existing feed. Note that lists representing predefined TI feeds cannot be created, updated and deleted.\n\nRequired:\n- name\n- type\n- items\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------------- |\n| 400 | \"name\" length cannot exceed 256 characters limit |\n| 400 | \"name\" value must be unique among custom lists belonging to the same account |\n| 400 | \"description\" length cannot exceed 256 characters limit |\n| 400 | \"items\" must contain either valid domain names or IPv4 addresses |\n| 400 | \"items\" must not be empty |\n| 400 | Named list of type \"dnsm\", \"threat_insight\", \"fast_flux\", and \"dga\" cannot be created |" }, "response": [] }, { "name": "Delete Named Lists.", "request": { "method": "DELETE", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/named_lists", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "named_lists" ] }, "description": "Use this method to delete Named List objects. Deletion of multiple lists is an all-or-nothing operation (if any of the specified lists can not be deleted then none of the specified lists will be deleted).\n\nThe Named List object represents several types of lists allowed for ActiveTrust Cloud such as predefined threat intelligence feeds that your subscription offers (Threat Insight, Fast Flux, DGA, DNSM). In addition to the predefined threat intelligence feeds that your subscription offers, you can create custom lists (containing domains and IP addresses) to define whitelists and blacklists for additional protection. You can use a custom list to complement existing feeds or override the Block, Allow, Log, or Redirect action that is currently defined for an existing feed. Note that lists representing predefined TI feeds cannot be created, updated and deleted.\n\nRequired:\n- ids\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------------- |\n| 400 | \"ids\" value must be non-empty |\n| 400 | \"ids\" value must contain unique elements |\n| 400 | \"ids\" value must contain values that are greater than or equal to zero |\n| 412 | Named lists assigned to a security policy cannot be deleted |\n| 400 | Named list of type \"dnsm\", \"threat_insight\", \"fast_flux\", and \"dga\" cannot be removed |" }, "response": [] }, { "name": "Read Named List.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/named_lists/:id", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "named_lists", ":id" ], "variable": [ { "key": "id", "value": "{{id}}" } ] }, "description": "Use this method to retrieve information on the specified Named List object. Note that returned data includes list items.\n\nThe Named List object represents several types of lists allowed for ActiveTrust Cloud such as predefined threat intelligence feeds that your subscription offers (Threat Insight, Fast Flux, DGA, DNSM). In addition to the predefined threat intelligence feeds that your subscription offers, you can create custom lists (containing domains and IP addresses) to define whitelists and blacklists for additional protection. You can use a custom list to complement existing feeds or override the Block, Allow, Log, or Redirect action that is currently defined for an existing feed. Note that lists representing predefined TI feeds cannot be created, updated and deleted." }, "response": [] }, { "name": "Update Named List.", "request": { "method": "PUT", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "The Named List object." }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/named_lists/:id", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "named_lists", ":id" ], "variable": [ { "key": "id", "value": "{{id}}" } ] }, "description": "Use this method to update the specified Named List object. Note that list type cannot be updated.\n\nThe Named List object represents several types of lists allowed for ActiveTrust Cloud such as predefined threat intelligence feeds that your subscription offers (Threat Insight, Fast Flux, DGA, DNSM). In addition to the predefined threat intelligence feeds that your subscription offers, you can create custom lists (containing domains and IP addresses) to define whitelists and blacklists for additional protection. You can use a custom list to complement existing feeds or override the Block, Allow, Log, or Redirect action that is currently defined for an existing feed. Note that lists representing predefined TI feeds cannot be created, updated and deleted.\n\nRequired:\n- name\n- items\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------------- |\n| 400 | \"name\" length cannot exceed 256 characters limit |\n| 400 | \"name\" value must be unique among custom lists belonging to the same account |\n| 400 | \"description\" length cannot exceed 256 characters limit |\n| 400 | \"items\" must contain either valid domain names or IPv4 addresses |\n| 400 | \"items\" must not be empty |\n| 400 | Named list of type \"dnsm\", \"threat_insight\", \"fast_flux\", and \"dga\" cannot be updated |\n| 400 | list type cannot be updated |" }, "response": [] }, { "name": "Insert Named List Items.", "request": { "method": "POST", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/named_lists/:id/items", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "named_lists", ":id", "items" ], "variable": [ { "key": "id", "value": "{{id}}" } ] }, "description": "Use this method to update existing items with new ones for a specified Named List object. Note that duplicated items are silently skipped and only new items are appended to the named list. Note that DNSM, TI, Fast Flux and DGA lists cannot be updated. Only Custom List items can be updated.\n\nThe Custom List Items represent the list of the FQDN or IPv4 addresses to define whitelists and blacklists for additional protection.\n\nValidation:\n\n| code | description |\n| ---- | ---------------------------------------------------------------------------- |\n| 400 | \"id\" value must be greater than or equal to zero |\n| 400 | \"items\" value must contain either valid domain names or IPv4 addresses |" }, "response": [] }, { "name": "Delete Named List Items.", "request": { "method": "DELETE", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/named_lists/:id/items", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "named_lists", ":id", "items" ], "variable": [ { "key": "id", "value": "{{id}}" } ] }, "description": "Use this method to remove items from a specified Named List object. Note that duplicated items are silently skipped and only new items are appended to the named list. Note that DNSM, TI, Fast Flux and DGA lists cannot be updated. Only Custom List items can be updated.\n\nThe Custom List Items represent the list of the FQDN or IPv4 addresses to define whitelists and blacklists for additional protection.\n\nRequired:\n- items\n\nValidation:\n\n| code | description |\n| ---- | ---------------------------------------------------------------------------- |\n| 400 | \"id\" value must be greater than or equal to zero |\n| 400 | \"items\" value must contain either valid domain names or IPv4 addresses |\n| 412 | \"items\" value must contain existing values for a specified named list |" }, "response": [] } ], "description": "Folder for named_lists" }, { "name": "network_lists", "item": [ { "name": "List Network Lists.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/network_lists?_filter={{_filter}}", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "network_lists" ], "query": [ { "key": "_filter", "value": "{{_filter}}" } ] }, "description": "Use this method to retrieve information on all Network List objects for the account.\n\nBefore you can apply security policies, you must first define the networks that you want to protect from malicious attacks. The first step in configuring ActiveTrust Cloud is to set up DNS Firewall by defining your remote networks. You identify these external networks by their IP addresses. A network can contain a group of IPv4 addresses or blocks.\n\nFiltering:\n\n| name | op |\n| ------------------ | ------------------------------------------ |\n| id | exact, exact null, gt, ge, lt, le |\n| security_policy_id | exact, exact null, gt, ge, lt, le |\n| name | exact, exact null, match, gt, ge, lt, le |\n| description | exact, exact null, match, gt, ge, lt, le |" }, "response": [] }, { "name": "Create Network List.", "request": { "method": "POST", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "The Network List object." }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/network_lists", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "network_lists" ] }, "description": "Use this method to create a Network List object.\n\nBefore you can apply security policies, you must first define the networks that you want to protect from malicious attacks. The first step in configuring ActiveTrust Cloud is to set up DNS Firewall by defining your remote networks. You identify these external networks by their IP addresses. A network can contain a group of IPv4 addresses or blocks.\n\nRequired:\n- name\n- items\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------- |\n| 400 | \"name\" length cannot exceed 256 characters limit |\n| 400 | \"name\" value must be unique among network lists belonging to the same account |\n| 400 | \"name\" value cannot be equal to any of reserved* names |\n| 400 | \"description\" length cannot exceed 256 characters limit |\n| 400 | \"items\" value must not be empty |\n| 400 | \"items\" value must contain valid CIDRs from range [24, 32] |\n| 412 | CIDRs in \"items\" cannot overlap with each other and with existing items as well |\n\n\\* - set of reserved names includes following items: \"All ActiveTrust Endpoints (Default)\", \"All Networks (Default)\", \"All DNS Forwarder Proxies (Default)\", \"Threat Insight - Fast Flux\", \"Threat Insight - DNS Messenger\", \"Threat Insight - DGA\", \"Threat Insight - Data Exfiltration\"." }, "response": [] }, { "name": "Delete Network Lists.", "request": { "method": "DELETE", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/network_lists", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "network_lists" ] }, "description": "Use this method to delete the Network List objects. Deletion of multiple lists is an all-or-nothing operation (if any of the specified lists can not be deleted then none of the specified lists will be deleted).\n\nBefore you can apply security policies, you must first define the networks that you want to protect from malicious attacks. The first step in configuring ActiveTrust Cloud is to set up DNS Firewall by defining your remote networks. You identify these external networks by their IP addresses. A network can contain a group of IPv4 addresses or blocks.\n\nRequired:\n- ids\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------------- |\n| 400 | \"ids\" value must be non-empty |\n| 400 | \"ids\" value must contain unique elements |\n| 400 | \"ids\" value must contain values that are greater than or equal to zero |\n| 412 | network list that is assigned to a security policy cannot be deleted |" }, "response": [] }, { "name": "Read Network List.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/network_lists/:id", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "network_lists", ":id" ], "variable": [ { "key": "id", "value": "{{id}}" } ] }, "description": "Use this method to retrieve information on the specified Network List object.\n\nBefore you can apply security policies, you must first define the networks that you want to protect from malicious attacks. The first step in configuring ActiveTrust Cloud is to set up DNS Firewall by defining your remote networks. You identify these external networks by their IP addresses. A network can contain a group of IPv4 addresses or blocks." }, "response": [] }, { "name": "Update Network List.", "request": { "method": "PUT", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "The Network List object." }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/network_lists/:id", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "network_lists", ":id" ], "variable": [ { "key": "id", "value": "{{id}}" } ] }, "description": "Use this method to update a specified Network List object.\n\nBefore you can apply security policies, you must first define the networks that you want to protect from malicious attacks. The first step in configuring ActiveTrust Cloud is to set up DNS Firewall by defining your remote networks. You identify these external networks by their IP addresses. A network can contain a group of IPv4 addresses or blocks.\n\nRequired:\n- name\n- items\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------- |\n| 400 | \"name\" length cannot exceed 256 characters limit |\n| 400 | \"name\" value must be unique among network lists belonging to the same account |\n| 400 | \"name\" value cannot be equal to any of reserved* names |\n| 400 | \"description\" length cannot exceed 256 characters limit |\n| 400 | \"items\" value must not be empty |\n| 400 | \"items\" value must contain valid CIDRs from range [24, 32] |\n| 412 | CIDRs in \"items\" cannot overlap with each other and with existing items as well |\n\n\\* - set of reserved names includes following items: \"All ActiveTrust Endpoints (Default)\", \"All Networks (Default)\", \"All DNS Forwarder Proxies (Default)\", \"Threat Insight - Fast Flux\", \"Threat Insight - DNS Messenger\", \"Threat Insight - DGA\", \"Threat Insight - Data Exfiltration\"." }, "response": [] } ], "description": "Folder for network_lists" }, { "name": "redirect_page", "item": [ { "name": "Read Redirect Page.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/redirect_page", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "redirect_page" ] }, "description": "Use this method to retrieve the Redirect Page object.\n\nWhen blocking users from accessing certain domains, you can redirect them to a page that delivers a default message about the action. You can also set a redirect page of your own or customize the redirect message." }, "response": [] }, { "name": "Update Redirect Page.", "request": { "method": "PUT", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "The Redirect Page object." }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/redirect_page", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "redirect_page" ] }, "description": "Use this method to update the Redirect Page object.\n\nWhen blocking users from accessing certain domains, you can redirect them to a page that delivers a default message about the action. You can also set a redirect page of your own or customize the redirect message.\n\nRequired:\n- type\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------------- |\n| 400 | \"type\" value must contain valid redirect page type that is \"custom\" or \"default\" |\n| 400 | \"content\" length cannot exceed 262144 characters limit |\n| 400 | \"redirect_ip_address\" must contain valid IPv4 address |" }, "response": [] } ], "description": "Folder for redirect_page" }, { "name": "security_policies", "item": [ { "name": "List Security Policies.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/security_policies?_filter={{_filter}}", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "security_policies" ], "query": [ { "key": "_filter", "value": "{{_filter}}" } ] }, "description": "Use this method to retrieve information on all Security Policy objects for the account.\n\nA security policy defines a set of rules and actions that you define to balance access and constraints so you can mitigate malicious attacks and provide security for your networks. When you create a new security policy, you first define a network scope to which you add networks, DNS forwarding proxies, and ActiveTrust Endpoint groups. ActiveTrust Cloud applies the security policy to all the entities that you include in the network scope. You can also include DNS forwarding proxies to which you want to apply the security policy. After you define the network scope, you can add custom lists and category filters to the security policy. You can also specify actions for the added lists and filters, and to determine the precedence order for the entities. Depending on your subscription level, each security policy also comes with a set of predefined threat intelligence feeds and Threat Insight rules that are inherited from the default global policy. You cannot delete the inherited feeds and rules, but you can change their precedence order.\n\nFiltering:\n\n| name | op |\n| ------------------ | ------------------------------------------ |\n| id | exact, exact null, gt, ge, lt, le |\n| name | exact, exact null, match, gt, ge, lt, le |\n| description | exact, exact null, match, gt, ge, lt, le |\n| is_default | exact |" }, "response": [] }, { "name": "Create Security Policy.", "request": { "method": "POST", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "The Security Policy object." }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/security_policies", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "security_policies" ] }, "description": "Use this method to create a Security Policy object. If no rule list is specified, the newly created Security Policy object will create these rules as a copy of default Security Policy rules (\"Default Global Policy\"). If rule list is provided it must contain at least the complete list of policy rules, including the rules based on all feeds that the account is entitled to. If no network list is specified, networking scope for this policy is empty, thus no action can be performed by this policy. Note that you are not allowed to add DNS Forwarding Proxies and Roaming Device Groups that are already assigned to a Security Policy different from \"Default Global Policy\", to assign them to this Security Policy object you should remove them from other Security Policy first.\n\nA security policy defines a set of rules and actions that you define to balance access and constraints so you can mitigate malicious attacks and provide security for your networks. When you create a new security policy, you first define a network scope to which you add networks, DNS forwarding proxies, and ActiveTrust Endpoint groups. ActiveTrust Cloud applies the security policy to all the entities that you include in the network scope. You can also include DNS forwarding proxies to which you want to apply the security policy. After you define the network scope, you can add custom lists and category filters to the security policy. You can also specify actions for the added lists and filters, and to determine the precedence order for the entities. Depending on your subscription level, each security policy also comes with a set of predefined threat intelligence feeds and Threat Insight rules that are inherited from the default global policy. You cannot delete the inherited feeds and rules, but you can change their precedence order.\n\nRequired:\n- name\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------------------------------------ |\n| 400 | \"name\" length cannot exceed 256 characters limit |\n| 400 | \"name\" value must be unique among security policies belonging to the same account |\n| 400 | \"description\" length cannot exceed 256 characters limit |\n| 404 | \"network_lists\" must containt existing Network Lists |\n| 412 | \"network_lists\" cannot contain Network Lists that are already assigned to another Security Policy |\n| 400 | Network Lists for the Default Security Policy cannot be updated |\n| 404 | \"dfps\" must contain existing DNS Forwarding Proxies |\n| 412 | \"dfps\" cannot contain DNS Forwarding Proxies that are already assigned to another Security Policy |\n| 400 | DNS Forwarding Proxies for the Default Security Policy cannot be updated |\n| 404 | \"roaming_device_groups\" must contain existing endpoint devices |\n| 412 | \"roaming_device_groups\" cannot contain endpoint devices that are already assigned to another Security Policy |\n| 400 | endpoint devices for the Default Security Policy cannot be updated |\n| 404 | Threat Feed and TI rules must contain existing threat feeds and TI lists |\n| 400 | Threat Feed and TI rules must contain licensed threat feeds and TI lists |\n| 400 | Threat Feed rules must be unique for the Security Policy |\n| 404 | Custom Redirect rules must contain existing Custom Redirect |\n| 404 | Category Filter rules must contain existing Category Filter |\n| 400 | non-empty rule list must contain all licensed threat feeds and TI lists |" }, "response": [] }, { "name": "Delete Security Policies.", "request": { "method": "DELETE", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/security_policies", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "security_policies" ] }, "description": "Use this method to delete Security Policy objects. Deletion of multiple lists is an all-or-nothing operation (if any of the specified lists can not be deleted then none of the specified lists will be deleted).\n\nA security policy defines a set of rules and actions that you define to balance access and constraints so you can mitigate malicious attacks and provide security for your networks. When you create a new security policy, you first define a network scope to which you add networks, DNS forwarding proxies, and ActiveTrust Endpoint groups. ActiveTrust Cloud applies the security policy to all the entities that you include in the network scope. You can also include DNS forwarding proxies to which you want to apply the security policy. After you define the network scope, you can add custom lists and category filters to the security policy. You can also specify actions for the added lists and filters, and to determine the precedence order for the entities. Depending on your subscription level, each security policy also comes with a set of predefined threat intelligence feeds and Threat Insight rules that are inherited from the default global policy. You cannot delete the inherited feeds and rules, but you can change their precedence order.\n\nRequired:\n- ids\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------------- |\n| 400 | \"ids\" value must be non-empty |\n| 400 | \"ids\" value must contain unique elements |\n| 400 | \"ids\" value must contain values that are greater than or equal to zero |\n| 412 | default security policy cannot be removed |" }, "response": [] }, { "name": "Read Security Policy.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/security_policies/:id", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "security_policies", ":id" ], "variable": [ { "key": "id", "value": "{{id}}" } ] }, "description": "Use this method to retrieve information on the specified Security Policy object.\n\nA security policy defines a set of rules and actions that you define to balance access and constraints so you can mitigate malicious attacks and provide security for your networks. When you create a new security policy, you first define a network scope to which you add networks, DNS forwarding proxies, and ActiveTrust Endpoint groups. ActiveTrust Cloud applies the security policy to all the entities that you include in the network scope. You can also include DNS forwarding proxies to which you want to apply the security policy. After you define the network scope, you can add custom lists and category filters to the security policy. You can also specify actions for the added lists and filters, and to determine the precedence order for the entities. Depending on your subscription level, each security policy also comes with a set of predefined threat intelligence feeds and Threat Insight rules that are inherited from the default global policy. You cannot delete the inherited feeds and rules, but you can change their precedence order." }, "response": [] }, { "name": "Update Security Policy.", "request": { "method": "PUT", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "The Security Policy object." }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/security_policies/:id", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "security_policies", ":id" ], "variable": [ { "key": "id", "value": "{{id}}" } ] }, "description": "Use this method to update a specified Network List object. The policy data supplied with the update request must have the complete list of policy rules, including the rules based on all feeds that the account is entitled to. If no network list is specified, networking scope for this policy is empty, thus no action can be performed by this policy. Note that you are not allowed to add DNS Forwarding Proxies and Roaming Device Groups that are already assigned to a Security Policy different from \"Default Global Policy\", to assign them to this Security Policy object you should remove them from other Security Policy first.\n\nA security policy defines a set of rules and actions that you define to balance access and constraints so you can mitigate malicious attacks and provide security for your networks. When you create a new security policy, you first define a network scope to which you add networks, DNS forwarding proxies, and ActiveTrust Endpoint groups. ActiveTrust Cloud applies the security policy to all the entities that you include in the network scope. You can also include DNS forwarding proxies to which you want to apply the security policy. After you define the network scope, you can add custom lists and category filters to the security policy. You can also specify actions for the added lists and filters, and to determine the precedence order for the entities. Depending on your subscription level, each security policy also comes with a set of predefined threat intelligence feeds and Threat Insight rules that are inherited from the default global policy. You cannot delete the inherited feeds and rules, but you can change their precedence order.\n\nRequired:\n- name\n- rules\n- dfps\n- network_lists\n- roaming_device_groups\n\nValidation:\n\n| code | description |\n| ---- | ------------------------------------------------------------------------------------------------------------ |\n| 400 | \"name\" length cannot exceed 256 characters limit |\n| 400 | \"name\" value must be unique among security policies belonging to the same account |\n| 400 | \"description\" length cannot exceed 256 characters limit |\n| 404 | \"network_lists\" must containt existing Network Lists |\n| 412 | \"network_lists\" cannot contain Network Lists that are already assigned to another Security Policy |\n| 400 | Network Lists for the Default Security Policy cannot be updated |\n| 404 | \"dfps\" must contain existing DNS Forwarding Proxies |\n| 412 | \"dfps\" cannot contain DNS Forwarding Proxies that are already assigned to another Security Policy |\n| 400 | DNS Forwarding Proxies for the Default Security Policy cannot be updated |\n| 404 | \"roaming_device_groups\" must contain existing endpoint devices |\n| 412 | \"roaming_device_groups\" cannot contain endpoint devices that are already assigned to another Security Policy |\n| 400 | endpoint devices for the Default Security Policy cannot be updated |\n| 404 | Threat Feed and TI rules must contain existing threat feeds and TI lists |\n| 400 | Threat Feed and TI rules must contain licensed threat feeds and TI lists |\n| 400 | Threat Feed rules must be unique for the Security Policy |\n| 404 | Custom Redirect rules must contain existing Custom Redirect |\n| 404 | Category Filter rules must contain existing Category Filter |\n| 400 | non-empty rule list must contain all licensed threat feeds and TI lists |" }, "response": [] } ], "description": "Folder for security_policies" }, { "name": "security_policy_rules", "item": [ { "name": "List Security Policy Rules.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/security_policy_rules?_filter={{_filter}}", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "security_policy_rules" ], "query": [ { "key": "_filter", "value": "{{_filter}}" } ] }, "description": "Use this method to retrieve information on all Security Policy Rule objects for the account.\n\nThe Security Policy Rule object represents a rule and action that you define to balance access and constraints so you can mitigate malicious attacks and provide security for your networks.\n\nFiltering:\n\n| name | op |\n| ------------------ | ------------------------------------------ |\n| policy_id | exact |\n| list_id | exact |\n| category_filter_id | exact |" }, "response": [] } ], "description": "Folder for security_policy_rules" }, { "name": "threat_feeds", "item": [ { "name": "List Threat Feeds.", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Authorization", "value": "{{token}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "https://{{URL}}/api/atcfw/v1/threat_feeds", "protocol": "https", "host": [ "{{URL}}" ], "path": [ "api", "atcfw", "v1", "threat_feeds" ] }, "description": "Use this method to retrieve information on all Threat Feed objects for the account.\n\nActiveTrust Cloud provides predefined threat intelligence feeds based on your subscription. The Plus subscription offers a few more feeds than the Standard subscription. The Advanced subscription offers a few more feeds than the Plus subscription. A threat feed subscription for RPZ updates offers protection against malicious hostnames." }, "response": [] } ], "description": "Folder for threat_feeds" } ], "event": [ { "listen": "prerequest", "script": { "id": "6873cbc3-8ec0-4a0c-8994-43f7cf2f93ae", "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "id": "a9282d74-d806-4933-986d-b8379751bf92", "type": "text/javascript", "exec": [ "" ] } } ], "variable": [ { "id": "fc3ed479-6013-4360-9fbd-518fc26c88f2", "key": "URL", "value": "csp.infoblox.com", "type": "string" }, { "id": "72cbe347-0de0-4198-9bb9-8af633bdcf77", "key": "token", "value": "Token ", "type": "string" } ] }