Get the list of automatically reported IP addresses by the user.

GET {{baseUrl}}/v1/denylist/reported/ip?dataset=AOTLX&reported_before=26745926&reported_after=-59968878&expires_before=49822579&expires_after=22732944&greater_than=-86765534&less_than=-58290403&ip_protocol_version=ALL&output_format=JSON

What

Obtain the list of all the IPv4 or IPv6 addresses that have been automatically reported by the user. A user can report automatically an IP address with the asynchronous API. The reported IP addresses differ from the ones managed with the endpoint /v1/denylist/cidr. As a rule of thumb, the reported IP addresses are the ones submitted by devices like honeypots, firewalls, log engines, etc. The denylisted IP addresses are the ones submitted manually by the user from files or indidual items.

Parameters

The endpoint accepts the following parameters in the query string: - dataset: (Optional) Name of the dataset to filter the query. If not given, then all datasets are queried. If given, then only the changes logged in the given dataset are returned. The list of datasets is obtained from the /v1/dataset/ip endpoint. - reported_before: (Optional) The UNIX timestamp in milliseconds of the earliest reported date to be included in the query. If not given, then the earliest date is current time. - reported_after: (Optional) The UNIX timestamp in milliseconds of the oldest reported date to be included in the query. If not given, then the oldest date is the first event logged. - expires_before: (Optional) The UNIX timestamp in milliseconds of the earliest expiry date to be included in the query. If not given, then the earliest date is current time. - expires_after: (Optional) The UNIX timestamp in milliseconds of the oldest expiry date to be included in the query. If not given, then the oldest date is the first event logged. - greater_than: (Optional) Restricts the result displaying only the IP addresses reported more times than the given value. It must be an integer greater than 0. - less_than: (Optional) Restricts the result displaying only the IP addresses reported less times than the given value. It must be an integer greater than 0. - ip_protocol_version: (Optional) Restricts the result displaying only the IP addresses with the given IP protocol version. Values are: ALL, IPV4, IPV6. If not given, then all IP addresses are returned. - output_format: (Optional) The format of the output. Values are: JSON, CSV, AWS-WAF. If not given, then the default format is JSON. AWS-WAF is the format used by AWS WAF to import ipsets in the service. You can find more information about AWS WAF import here.

Result

The result is a JSON object with a list of the following JSON objects: - self: the URI to individual status. - addresses: a list of JSON objects with the following fields: - self: the URI to individual reported IP information. - last_report: Unix timestamp in milliseconds when the IP address was last reported. - expiry: Unix timestamp in milliseconds when the IP address will expire and be removed. - total_reports: Total number of reports for the IP address. - protocol: IP protocol version of the IP address. Same value as the ip_protocol_version parameter if given. - dataset: Name of the dataset where the IP address was reported. Must be a value from the /v1/dataset/ip endpoint. - tags: A list of strings with the tags associated to the IP address at the origin device. It helps to classify the origin of the report.

Errors

  • a 400 Bad Request error if any timestamp is in the future.
  • a 400 Bad Request error if the dataset is not a string that can have numbers, upper and lower case letters, and underscores.
  • a 404 Not Found error if the dataset was not found.
  • a 422 Unprocessable Entity error if some of the parameters are malformed.

It will also return the API Global errors described in the API description.

Request Params

KeyDatatypeRequiredDescription
datasetstringThe dataset list type to filter for. Must be uppercase, numbers and underscore
reported_beforenumberRestricts the result displaying only the IP addresses reported before reported_before. It must be a UNIX timestamp in seconds.
reported_afternumberRestricts the result displaying only the IP addresses reported after reported_after. It must be a UNIX timestamp in seconds.
expires_beforenumberRestricts the result displaying only the IP addresses that will expire before expires_before. It must be a UNIX timestamp in seconds greater than the current UNIX timestamp.
expires_afternumberRestricts the result displaying only the IP addresses that will expire after expires_after. It must be a UNIX timestamp in seconds greater than the current UNIX timestamp.
greater_thannumberRestricts the result displaying only the IP addresses reported more times than greater_than. It must be an integer greater than 0.
less_thannumberRestricts the result displaying only the IP addresses reported less times than less_than. It must be an integer greater than 1.
ip_protocol_versionstringRestrict the result displaying the IP protocol version requested (IPV4 or IPV6) or both (ALL). Some output formats MUST filter by IP protocol version first.
output_formatstringThe output format of the datasets.

HEADERS

KeyDatatypeRequiredDescription
Acceptstring

RESPONSES

status: OK

{"self":"adipisicing","addresses":[{"self":"quis enim mollit","last_report":-33252268,"total_reports":-83733085,"dataset":"dolore ullamco ut","expiry":-86344067,"protocol":"IPV6","tags":["F-7S75LXSOP4-G3RV-2KFUQ9R-J9H2QYHK-SUZ9T4-3Y","IHDRM5-W9WM7C7V-W6W860-L-TIFFGS3NN-RCGHW2Z7-336-5DGTZHFM7-OT558-ATUIWETIQ4"]},{"self":"magna amet dol","last_report":-68154388,"total_reports":-6489355,"dataset":"ut","expiry":-42384962,"protocol":"ALL","tags":["2","20ZKB0G5Q-Z-04TT-ARXGAPVKUJC-64A6M-QXVCXK4EU-DJQBLNEVV91-ZY-GTHBQD8BVG-7ZOB-3ACA03K9L3"]}]}