# Default Ignore List

If you want to ignore traffic from a specific IP address and/or traffic hitting a specific port on your Birds, you can use these endpoints.

There are times when you see alerts that are generated from known, expected IPs (such as scanners). In cases like this, you can add the known IP to an Ignore List which allows your Flock to filter traffic and only alerted you on unexpected incidents.

TIP

These endpoints will set the Ignore Lists for specified Flocks. For Globally defined Ignore lists, you can take a look at the Console Settings.

# Add IP and Port to Ignore List

POST /api/v1/flock/settings/whitelisting/ip/whitelist_ip_port

Add an IP and optional Port to the Ignore List.

Required Parameters

auth_token string
A valid auth token
flock_id string
A valid flock_id
src_ip string
The source IP to ignore

Optional Parameters

dst_port int
The destination port to ignore

Response

A JSON structure with result indicator.

Example

    Response
    {
      "result": "success"
    }
    
    1
    2
    3

    # Check if IP Ignoring is Enabled

    GET /api/v1/flock/settings/whitelisting/ip/is_enabled

    Check if IP ignoring is enabled for a Flock.

    Required Parameters

    auth_token string
    A valid auth token
    flock_id string
    A valid flock_id

    Response

    A JSON structure with the enabled state.

    Example

      Response
      {
        "is_enabled": true,
        "result": "success"
      }
      
      1
      2
      3
      4

      # Check if IP Ignoring is Global

      GET /api/v1/flock/settings/whitelisting/ip/is_global

      Check if IP ignoring is set to Global for a Flock.

      Required Parameters

      auth_token string
      A valid auth token
      flock_id string
      A valid flock_id

      Response

      A JSON structure with the Global state.

      Example

        Response
        {
          "is_global": true,
          "result": "success"
        }
        
        1
        2
        3
        4

        # Check if IP is Ignored

        GET /api/v1/flock/settings/whitelisting/ip/is_ip_whitelisted

        Check if a hostname is ignored in a Flock's Ignore List.

        Required Parameters

        auth_token string
        A valid auth token
        flock_id string
        A valid flock_id
        dst_port int
        The destination port to check

        Optional Parameters

        src_ip string
        The source IP to check

        Response

        A JSON structure with the ignored state.

        Example

          Response
          {
            "is_whitelist_enabled": true,
            "is_whitelisted": true,
            "result": "success"
          }
          
          1
          2
          3
          4
          5

          # Disable IP Ignore List

          POST /api/v1/flock/settings/whitelisting/ip/disable

          Disable IP ignoring for a Flock.

          Required Parameters

          auth_token string
          A valid auth token
          flock_id string
          A valid flock_id

          Response

          A JSON structure with result indicator.

          Example

            Response
            {
              "result": "success"
            }
            
            1
            2
            3

            # Enable IP Ignore List

            POST /api/v1/flock/settings/whitelisting/ip/enable

            Enable IP ignoring for a Flock.

            Required Parameters

            auth_token string
            A valid auth token
            flock_id string
            A valid flock_id

            Response

            A JSON structure with result indicator.

            Example

              Response
              {
                "result": "success"
              }
              
              1
              2
              3

              # Fetch Unsanitized Ignore List

              GET /api/v1/flock/settings/whitelisting/ip/string

              Fetch the unsanitized ignore list string.

              Required Parameters

              auth_token string
              A valid auth token
              flock_id string
              A valid flock_id

              Response

              A JSON structure with the unsanitized list.

              Example

                Response
                {
                  "result": "success",
                  "whitelist": "<ip_address>:<port>"
                }
                
                1
                2
                3
                4

                # Inherit Global List

                By default, enabling the IP Ignore List for a Flock will ignore the Global settings and only use the Flock's settings. You can optionally chose to allow the Flock to set it's own custom Ignore List and still inherit from the Global IP Ignore List.

                # Disable Inherit From Global

                POST /api/v1/flock/settings/whitelisting/ip/inherit_global/disable

                Disable inheriting the Global IP Ignore List.

                Required Parameters

                auth_token string
                A valid auth token
                flock_id string
                A valid flock_id

                Response

                A JSON structure with result indicator.

                Example

                  Response
                  {
                    "result": "success"
                  }
                  
                  1
                  2
                  3

                  # Enable Inherit From Global

                  POST /api/v1/flock/settings/whitelisting/ip/inherit_global/enable

                  Enable inheriting the Global IP Ignore List.

                  Required Parameters

                  auth_token string
                  A valid auth token
                  flock_id string
                  A valid flock_id

                  Response

                  A JSON structure with result indicator.

                  Example

                    Response
                    {
                      "result": "success"
                    }
                    
                    1
                    2
                    3

                    # List Ignored IPs

                    GET /api/v1/flock/settings/whitelisting/ip/sanitized

                    Fetch a sanitized list of ignored IPs and ports for a Flock.

                    Required Parameters

                    auth_token string
                    A valid auth token
                    flock_id string
                    A valid flock_id

                    Response

                    A JSON structure with the ignored IPs for a Flock and the globally ignored ports for a Flock.

                    Example

                      Response
                      {
                        "result": "success",
                        "whitelist": [
                          {
                            "<ip_address>": {
                              "both": [
                                <port>
                              ]
                            }
                          },
                          [<port>]
                        ]
                      }
                      
                      1
                      2
                      3
                      4
                      5
                      6
                      7
                      8
                      9
                      10
                      11
                      12
                      13

                      # Set Ignored IPs

                      POST /api/v1/flock/settings/whitelisting/ip/save

                      Set the list of ignored IPs for a Flock.

                      Required Parameters

                      auth_token string
                      A valid auth token
                      flock_id string
                      A valid flock_id

                      Optional Parameters

                      whitelist string
                      A newline separated list of IPs and ports to ignore
                      clear boolean
                      If true, clears the ignore list

                      TIP

                      At least one of the optional parameters is required.

                      Response

                      A JSON structure with result indicator.

                      Example

                        Response
                        {
                          "result": "success"
                        }
                        
                        1
                        2
                        3

                        # Set Ignore List to Global

                        POST /api/v1/flock/settings/whitelisting/ip/use_global

                        Set a Flock's ignore IP list to use Global.

                        Required Parameters

                        auth_token string
                        A valid auth token
                        flock_id string
                        A valid flock_id

                        Response

                        A JSON structure with result indicator.

                        Example

                          Response
                          {
                            "result": "success"
                          }
                          
                          1
                          2
                          3