Default Ignore List
If you want to ignore traffic from a specific IP address and/or traffic hitting a specific port on your Birds, you can use these endpoints.
There are times when you see alerts generated from known, expected IPs (such as scanners). In cases like this, you can add the known IP to an Ignore List, which allows your Flock to filter traffic and alert you only on unexpected incidents.
TIP
These endpoints set the Ignore Lists for specified Flocks. For globally defined Ignore Lists, see the Console Settings.
Add IP and Port to Ignore List
POST /api/v1/flock/settings/whitelisting/ip/whitelist_ip_port
Add an IP and optional Port to the Ignore List.
Required Parameters
auth_token string
A valid auth token
flock_id string
A valid flock_id
src_ip string
The source IP to ignore
Optional Parameters
dst_port int
The destination port to ignore
Response
A JSON structure with result indicator.
Example

curl https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/whitelist_ip_port \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=EXAMPLE_FLOCK_ID \
  -d src_ip=EXAMPLE_SOURCE_IP \
  -d dst_port=EXAMPLE_DESTINATION_PORT

import requests

url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/whitelist_ip_port'

payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'flock_id': 'EXAMPLE_FLOCK_ID',
    'src_ip': 'EXAMPLE_SOURCE_IP',
    'dst_port': EXAMPLE_DESTINATION_PORT
}

r = requests.post(url, data=payload)

print(r.json())

{
  "result": "success"
}
Check if IP Ignoring is Enabled
GET /api/v1/flock/settings/whitelisting/ip/is_enabled
Check if IP ignoring is enabled for a Flock.
Required Parameters
auth_token string
A valid auth token
flock_id string
A valid flock_id
Response
A JSON structure with the enabled state.
Example

curl https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/is_enabled \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=EXAMPLE_FLOCK_ID \
  -G

import requests

url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/is_enabled'

payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'flock_id': 'EXAMPLE_FLOCK_ID'
}

r = requests.get(url, params=payload)

print(r.json())

{
  "is_enabled": true,
  "result": "success"
}
Check if IP Ignoring is Global
GET /api/v1/flock/settings/whitelisting/ip/is_global
Check if IP ignoring is set to Global for a Flock.
Required Parameters
auth_token string
A valid auth token
flock_id string
A valid flock_id
Response
A JSON structure with the Global state.
Example

curl https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/is_global \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=EXAMPLE_FLOCK_ID \
  -G

import requests

url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/is_global'

payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'flock_id': 'EXAMPLE_FLOCK_ID'
}

r = requests.get(url, params=payload)

print(r.json())

{
  "is_global": true,
  "result": "success"
}
Check if IP is Ignored
GET /api/v1/flock/settings/whitelisting/ip/is_ip_whitelisted
Check if a hostname is ignored in a Flock's Ignore List.
Required Parameters
auth_token string
A valid auth token
flock_id string
A valid flock_id
dst_port int
The destination port to check
Optional Parameters
src_ip string
The source IP to check
Response
A JSON structure with the ignored state.
Example

curl https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/is_ip_whitelisted \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=EXAMPLE_FLOCK_ID \
  -d dst_port=EXAMPLE_DESTINATION_PORT \
  -d src_ip=EXAMPLE_SOURCE_IP \
  -G

import requests

url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/is_ip_whitelisted'

payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'flock_id': 'EXAMPLE_FLOCK_ID',
    'dst_port': EXAMPLE_DESTINATION_PORT,
    'src_ip': 'EXAMPLE_SOURCE_IP'
}

r = requests.get(url, params=payload)

print(r.json())

{
  "is_whitelist_enabled": true,
  "is_whitelisted": true,
  "result": "success"
}
Disable IP Ignore List
POST /api/v1/flock/settings/whitelisting/ip/disable
Disable IP ignoring for a Flock.
Required Parameters
auth_token string
A valid auth token
flock_id string
A valid flock_id
Response
A JSON structure with result indicator.
Example

curl https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/disable \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=EXAMPLE_FLOCK_ID

import requests

url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/disable'

payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'flock_id': 'EXAMPLE_FLOCK_ID'
}

r = requests.post(url, data=payload)

print(r.json())

{
  "result": "success"
}
Enable IP Ignore List
POST /api/v1/flock/settings/whitelisting/ip/enable
Enable IP ignoring for a Flock.
Required Parameters
auth_token string
A valid auth token
flock_id string
A valid flock_id
Response
A JSON structure with result indicator.
Example

curl https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/enable \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=EXAMPLE_FLOCK_ID

import requests

url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/enable'

payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'flock_id': 'EXAMPLE_FLOCK_ID'
}

r = requests.post(url, data=payload)

print(r.json())

{
  "result": "success"
}
Fetch Unsanitized Ignore List
GET /api/v1/flock/settings/whitelisting/ip/string
Fetch the unsanitized ignore list string.
Required Parameters
auth_token string
A valid auth token
flock_id string
A valid flock_id
Response
A JSON structure with the unsanitized list.
Example

curl https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/string \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=EXAMPLE_FLOCK_ID \
  -G

import requests

url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/string'

payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'flock_id': 'EXAMPLE_FLOCK_ID'
}

r = requests.get(url, params=payload)

print(r.json())

{
  "result": "success",
  "whitelist": "<ip_address>:<port>"
}
Inherit Global List
By default, enabling the IP Ignore List for a Flock will ignore the Global settings and only use the Flock's settings. You can optionally choose to allow the Flock to set its own custom Ignore List and still inherit from the Global IP Ignore List.
Disable Inherit From Global
POST /api/v1/flock/settings/whitelisting/ip/inherit_global/disable
Disable inheriting the Global IP Ignore List.
Required Parameters
auth_token string
A valid auth token
flock_id string
A valid flock_id
Response
A JSON structure with result indicator.
Example

curl https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/inherit_global/disable \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=EXAMPLE_FLOCK_ID

import requests

url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/inherit_global/disable'

payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'flock_id': 'EXAMPLE_FLOCK_ID'
}

r = requests.post(url, data=payload)

print(r.json())

{
  "result": "success"
}
Enable Inherit From Global
POST /api/v1/flock/settings/whitelisting/ip/inherit_global/enable
Enable inheriting the Global IP Ignore List.
Required Parameters
auth_token string
A valid auth token
flock_id string
A valid flock_id
Response
A JSON structure with result indicator.
Example

curl https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/inherit_global/enable \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=EXAMPLE_FLOCK_ID

import requests

url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/inherit_global/enable'

payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'flock_id': 'EXAMPLE_FLOCK_ID'
}

r = requests.post(url, data=payload)

print(r.json())

{
  "result": "success"
}
List Ignored IPs
GET /api/v1/flock/settings/whitelisting/ip/sanitized
Fetch a sanitized list of ignored IPs and ports for a Flock.
Required Parameters
auth_token string
A valid auth token
flock_id string
A valid flock_id
Response
A JSON structure with the ignored IPs for a Flock and the globally ignored ports for a Flock.
Example

curl https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/sanitized \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=EXAMPLE_FLOCK_ID \
  -G

import requests

url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/sanitized'

payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'flock_id': 'EXAMPLE_FLOCK_ID'
}

r = requests.get(url, params=payload)

print(r.json())

{
  "result": "success",
  "whitelist": [
    {
      "<ip_address>": {
        "both": [
          <port>
        ]
      }
    },
    [<port>]
  ]
}
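Every Ignore List entry suppresses alerts, so the list is worth comparing against an approved baseline. The following added example (not part of the original documentation) flattens a response shaped like the one above and reports entries outside the baseline; the sample response, the baseline sets, and the reading of an empty port list as "all ports" are assumptions made for illustration.

```python
# Constructed sample in the shape of the "sanitized" response above:
# element 0 maps ignored IPs to ports, element 1 lists globally ignored ports.
SAMPLE_RESPONSE = {
    "result": "success",
    "whitelist": [
        {
            "192.0.2.10": {"both": [22, 443]},
            "198.51.100.7": {"both": [3389]},
            "203.0.113.5": {"both": []},
        },
        [161],
    ],
}

# Hypothetical baseline of approved (source IP, destination port) pairs.
APPROVED_PAIRS = {("192.0.2.10", 22), ("192.0.2.10", 443)}
APPROVED_GLOBAL_PORTS = set()


def flatten_ignore_list(response):
    """Return (set of (ip, port) pairs, set of globally ignored ports)."""
    if response.get("result") != "success":
        raise ValueError("API call did not succeed")
    per_ip, global_ports = response["whitelist"]
    pairs = set()
    for ip, by_key in per_ip.items():
        ports = [int(p) for plist in by_key.values() for p in plist]
        if not ports:
            # Assumption: an entry with no ports means every port is ignored.
            pairs.add((ip, None))
        pairs.update((ip, p) for p in ports)
    return pairs, {int(p) for p in global_ports}


def audit(response, approved_pairs, approved_ports):
    """Report ignore-list entries missing from the approved baseline."""
    pairs, global_ports = flatten_ignore_list(response)
    extra = pairs - approved_pairs
    return {
        # None sorts as -1 so (ip, None) can be ordered alongside int ports.
        "unapproved_pairs": sorted(
            extra, key=lambda e: (e[0], -1 if e[1] is None else e[1])),
        "unapproved_global_ports": sorted(global_ports - approved_ports),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_RESPONSE, APPROVED_PAIRS, APPROVED_GLOBAL_PORTS))
```

Running the audit on a schedule against the live response from this endpoint turns any unreviewed Ignore List change into a finding.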
Set Ignored IPs
POST /api/v1/flock/settings/whitelisting/ip/save
Set the list of ignored IPs for a Flock.
Required Parameters
auth_token string
A valid auth token
flock_id string
A valid flock_id
Optional Parameters
whitelist string
A comma separated list of IPs and ports to ignore
clear boolean
If true, clears the ignore list
TIP
At least one of the optional parameters is required.
Response
A JSON structure with result indicator.
Example

curl https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/save \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=EXAMPLE_FLOCK_ID \
  -d whitelist=EXAMPLE_IP_LIST

import requests

url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/save'

payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'flock_id': 'EXAMPLE_FLOCK_ID',
    'whitelist': 'EXAMPLE_IP_LIST'
}

r = requests.post(url, data=payload)

print(r.json())

{
  "result": "success"
}
Set Ignore List to Global
POST /api/v1/flock/settings/whitelisting/ip/use_global
Set a Flock's ignore IP list to use Global.
Required Parameters
auth_token string
A valid auth token
flock_id string
A valid flock_id
Response
A JSON structure with result indicator.
Example

curl https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/use_global \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d flock_id=EXAMPLE_FLOCK_ID

import requests

url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/whitelisting/ip/use_global'

payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'flock_id': 'EXAMPLE_FLOCK_ID'
}

r = requests.post(url, data=payload)

print(r.json())

{
  "result": "success"
}
Last Updated: 10/23/2021, 9:32:57 PM