Get the list of automatically reported IP addresses by the user.
GET {{baseUrl}}/v1/denylist/reported/ip?dataset=AOTLX&reported_before=26745926&reported_after=-59968878&expires_before=49822579&expires_after=22732944&greater_than=-86765534&less_than=-58290403&ip_protocol_version=ALL&output_format=JSON
What
Obtain the list of all the IPv4 or IPv6 addresses that have been automatically reported by the user. A user can report automatically an IP address with the asynchronous API. The reported IP addresses differ from the ones managed with the endpoint /v1/denylist/cidr. As a rule of thumb,
the reported IP addresses are the ones submitted by devices like honeypots, firewalls, log engines, etc. The denylisted IP addresses are the ones submitted manually by the user from files or indidual items.
Parameters
The endpoint accepts the following parameters in the query string:
- dataset: (Optional) Name of the dataset to filter the query. If not given, then all datasets are queried. If given, then only the changes logged in the given dataset are returned. The list of datasets is obtained from the /v1/dataset/ip endpoint.
- reported_before: (Optional) The UNIX timestamp in milliseconds of the earliest reported date to be included in the query. If not given, then the earliest date is current time.
- reported_after: (Optional) The UNIX timestamp in milliseconds of the oldest reported date to be included in the query. If not given, then the oldest date is the first event logged.
- expires_before: (Optional) The UNIX timestamp in milliseconds of the earliest expiry date to be included in the query. If not given, then the earliest date is current time.
- expires_after: (Optional) The UNIX timestamp in milliseconds of the oldest expiry date to be included in the query. If not given, then the oldest date is the first event logged.
- greater_than: (Optional) Restricts the result displaying only the IP addresses reported more times than the given value. It must be an integer greater than 0.
- less_than: (Optional) Restricts the result displaying only the IP addresses reported less times than the given value. It must be an integer greater than 0.
- ip_protocol_version: (Optional) Restricts the result displaying only the IP addresses with the given IP protocol version. Values are: ALL, IPV4, IPV6. If not given, then all IP addresses are returned.
- output_format: (Optional) The format of the output. Values are: JSON, CSV, AWS-WAF. If not given, then the default format is JSON. AWS-WAF is the format used by AWS WAF to import ipsets in the service. You can find more information about AWS WAF import here.
Result
The result is a JSON object with a list of the following JSON objects:
- self: the URI to individual status.
- addresses: a list of JSON objects with the following fields:
- self: the URI to individual reported IP information.
- last_report: Unix timestamp in milliseconds when the IP address was last reported.
- expiry: Unix timestamp in milliseconds when the IP address will expire and be removed.
- total_reports: Total number of reports for the IP address.
- protocol: IP protocol version of the IP address. Same value as the ip_protocol_version parameter if given.
- dataset: Name of the dataset where the IP address was reported. Must be a value from the /v1/dataset/ip endpoint.
- tags: A list of strings with the tags associated to the IP address at the origin device. It helps to classify the origin of the report.
Errors
- a
400 Bad Requesterror if any timestamp is in the future. - a
400 Bad Requesterror if the dataset is not a string that can have numbers, upper and lower case letters, and underscores. - a
404 Not Founderror if the dataset was not found. - a
422 Unprocessable Entityerror if some of the parameters are malformed.
It will also return the API Global errors described in the API description.
Request Params
| Key | Datatype | Required | Description |
|---|---|---|---|
dataset | string | The dataset list type to filter for. Must be uppercase, numbers and underscore | |
reported_before | number | Restricts the result displaying only the IP addresses reported before reported_before. It must be a UNIX timestamp in seconds. | |
reported_after | number | Restricts the result displaying only the IP addresses reported after reported_after. It must be a UNIX timestamp in seconds. | |
expires_before | number | Restricts the result displaying only the IP addresses that will expire before expires_before. It must be a UNIX timestamp in seconds greater than the current UNIX timestamp. | |
expires_after | number | Restricts the result displaying only the IP addresses that will expire after expires_after. It must be a UNIX timestamp in seconds greater than the current UNIX timestamp. | |
greater_than | number | Restricts the result displaying only the IP addresses reported more times than greater_than. It must be an integer greater than 0. | |
less_than | number | Restricts the result displaying only the IP addresses reported less times than less_than. It must be an integer greater than 1. | |
ip_protocol_version | string | Restrict the result displaying the IP protocol version requested (IPV4 or IPV6) or both (ALL). Some output formats MUST filter by IP protocol version first. | |
output_format | string | The output format of the datasets. |
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Accept | string |
RESPONSES
status: OK
{"self":"adipisicing","addresses":[{"self":"quis enim mollit","last_report":-33252268,"total_reports":-83733085,"dataset":"dolore ullamco ut","expiry":-86344067,"protocol":"IPV6","tags":["F-7S75LXSOP4-G3RV-2KFUQ9R-J9H2QYHK-SUZ9T4-3Y","IHDRM5-W9WM7C7V-W6W860-L-TIFFGS3NN-RCGHW2Z7-336-5DGTZHFM7-OT558-ATUIWETIQ4"]},{"self":"magna amet dol","last_report":-68154388,"total_reports":-6489355,"dataset":"ut","expiry":-42384962,"protocol":"ALL","tags":["2","20ZKB0G5Q-Z-04TT-ARXGAPVKUJC-64A6M-QXVCXK4EU-DJQBLNEVV91-ZY-GTHBQD8BVG-7ZOB-3ACA03K9L3"]}]}