Skip to content

IP Control API

This is an API guide for allowing (whitelisting) or blocking (blacklisting) IPs without directly accessing the Manager console.
This API enables a rapid response based on threat logs detected by a SIEM or SOAR integrated with DeepFinder.

  • Required permissions for General user
    Under [Management] - [Admin]
    [1]Policy / Policy Search
    [2] Policy / Policy Setting

Add Whitelist/Blacklist IP

  • API: apply_white_black_ip
    Adds a specific IP to the whitelist or blacklist of a designated security policy.

Blacklisted IP: Is added to the [API]_BLACK_LIST ["Domain Group ID"] IP group.

Whitelisted IP: Is added to the [API]_WHITE_LIST ["Domain Group ID"] IP group.

[Parameter]

key : (Required): The unique API key of the user account required for the API call.

type : Policy type (Add to Blacklist / Add to Whitelist)
Add to Whitelist : white
Add to Blacklist : black

start_ip : (Required): The IP address to add, or the starting address of an IP range.
- When registering 1.1.1.1 ~ 1.1.1.3 -> 1.1.1.1

end_ip : (Optional): The ending address of an IP range. Can be omitted when adding a single IP.
- When registering 1.1.1.1 ~ 1.1.1.3 -> 1.1.1.3
- When registering a single IP, end_ip does not need to be sent.

domaingid : (Required): The ID of the domain group to which the policy will be applied.
expired_date : (Optional): Specifies the expiration time for the IP (YYYY-MM-DDTHH:MM:SS format).
                The IP will be automatically deleted from the IP group after this time.

[Sample URL]

http://[Manager IP]/api/apply_white_black_ip?key=[Admin API Key]&type=black&start_ip=2.2.2.2&domaingid=4&expired_date=2023-08-26T12:38:00

[Response]

Success : Completed

Failure : Failure message

[Example]

 Register Single IP (with expiration time)

Add to Whitelist : http://[Manager IP]/api/apply_white_black_ip?key=abcde&type=white&start_ip=1.1.1.1&domaingid=4&expired_date=2023-12-31T12:30:00
Add to Blacklist : http://[Manager IP]/api/apply_white_black_ip?key=abcde&type=black&start_ip=1.1.1.1&domaingid=4&expired_date=2023-12-31T12:30:00

Register IP Range (without expiration time)

Add to Whitelist : http://[Manager IP]/api/apply_white_black_ip?key=abcde&type=white&start_ip=1.1.1.1&end_ip=2.2.2.2&domaingid=4
Add to Blacklist : http://[Manager IP]/api/apply_white_black_ip?key=abcde&type=black&start_ip=1.1.1.1&end_ip=2.2.2.2&domaingid=4

Retrieve Whitelist/Blacklist IP

  • API: get_white_black_ip
    Retrieves the whitelist/blacklist policies and IP lists configured for a specific domain group via the API.

[Parameter]

key : The API key of the account making the API call
type : The type of policy to retrieve (Blacklist / Whitelist)
domaingid : The domain group to retrieve

[Sample URL]

Retrieve Whitelist

http://[Manager IP]/api/get_white_black_ip?key=[Admin API Key]&type=white&domaingid=4
Retrieve Blacklist

http://[Manager IP]/api/get_white_black_ip?key=[Admin API Key]&type=black&domaingid=4

[Response]

JSON Array
    [
      {
        "groupname": "[API]_BLACK_LIST [ 4 ]",
        "igid": "1006",
        "type": "user",
        "atype": "black",
        "iplist": [
          {
            "endip": "10.3.3.3",
            "igid": "1006",
            "ipid": "500011",
            "expired_date": null,
            "startip": "10.3.3.3"
          },
          {
            "endip": "1.1.1.1",
            "igid": "1006",
            "ipid": "500021",
            "expired_date": "2023-08-26T12:38:00",
            "startip": "1.1.1.1"
          },
          {
            "endip": "2.2.2.2",
            "igid": "1006",
            "ipid": "500022",
            "expired_date": "2023-08-26T12:38:00",
            "startip": "2.2.2.2"
          }
        ],
        "log": "FULL",
        "domaingid": "4"
      }
    ]

Delete IP

  • API: del_white_black_ip
    Deletes a specific IP from a whitelist or blacklist IP group that was added via the API.

[Parameter]

key : The API key of the account making the API call
type : (Required) The type of policy from which to delete.
    white: Delete IP from Whitelist
    black: Delete IP from Blacklist
start_ip : Start IP
    - When deleting 1.1.1.1 -> 1.1.1.1
end_ip : End IP
    - When deleting a range 1.1.1.1 ~ 1.1.1.3 -> 1.1.1.3
    - When deleting a single IP, end_ip does not need to be sent.
domaingid : The domain group to apply to

[Sample URL]

Delete Single IP
    - Delete Whitelist IP : http://[Manager IP]/api/del_white_black_ip?key=[Admin API Key]&type=white&domaingid=4&start_ip=1.1.1.1
    - Delete Blacklist IP : http://[Manager IP]/api/del_white_black_ip?key=[Admin API Key]&type=black&domaingid=4&start_ip=1.1.1.1

Delete IP Range
    - Whitelist: http://[Manager IP]/api/del_white_black_ip?key=[API Key]&type=white&domaingid=4&start_ip=1.1.1.1&end_ip=2.2.2.2
    - Blacklist: http://[Manager IP]/api/del_white_black_ip?key=[API Key]&type=black&domaingid=4&start_ip=1.1.1.1&end_ip=2.2.2.2

[Response]

    String
- Success : Completed
- Failure : Failure message