Hostname Ignore List If you want to ignore traffic from a specific source hostname, you can use these endpoints.
There are times when you see alerts that are generated from known, expected hostnames (such as scanners). In cases like this, you can add the known hostname to an Ignore List which allows your Flock to filter traffic and only alerts you on unexpected incidents.
TIP
These endpoints will set the Ignore Lists for specified Flocks. For Globally defined Ignore lists, you can take a look at the Console Settings .
Add Hostname to Ignore List POST /api/v1/flock/settings/ignorelist/hostname/ignorelist_hostname
Add a hostname to the ignore list for a Flock.
Show details
Required Parameters auth_token string
A valid auth token
flock_id string
A valid flock_id
hostname string
The source hostname to ignore
Response A JSON structure with result indicator.
Example curl https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/ignorelist_hostname \
-d auth_token = EXAMPLE_AUTH_TOKEN \
-d flock_id = EXAMPLE_FLOCK_ID \
-d hostname = EXAMPLE_HOSTNAME
1 2 3 4
import requests
url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/ignorelist_hostname'
payload = {
'auth_token' : 'EXAMPLE_AUTH_TOKEN' ,
'flock_id' : 'EXAMPLE_FLOCK_ID' ,
'hostname' : 'EXAMPLE_HOSTNAME'
}
r = requests. post( url, data= payload)
print ( r. json( ) )
1 2 3 4 5 6 7 8 9 10 11 12 13
{
"result" : "success"
}
1 2 3
Check if Hostname Ignoring is Enabled GET /api/v1/flock/settings/ignorelist/hostname/is_enabled
Check if hostname ignoring is enabled for a Flock.
Show details
Required Parameters auth_token string
A valid auth token
flock_id string
A valid flock_id
Response A JSON structure with the enabled state.
Example curl https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/is_enabled \
-d auth_token = EXAMPLE_AUTH_TOKEN \
-d flock_id = EXAMPLE_FLOCK_ID \
-G
1 2 3 4
import requests
url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/is_enabled'
payload = {
'auth_token' : 'EXAMPLE_AUTH_TOKEN' ,
'flock_id' : 'EXAMPLE_FLOCK_ID'
}
r = requests. get( url, params= payload)
print ( r. json( ) )
1 2 3 4 5 6 7 8 9 10 11 12
{
"is_enabled" : true ,
"result" : "success"
}
1 2 3 4
Check if Hostname Ignoring is Global GET /api/v1/flock/settings/ignorelist/hostname/is_global
Check if hostname ignoring is set to Global for a Flock.
Show details
Required Parameters auth_token string
A valid auth token
flock_id string
A valid flock_id
Response A JSON structure with the Global state.
Example curl https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/is_global \
-d auth_token = EXAMPLE_AUTH_TOKEN \
-d flock_id = EXAMPLE_FLOCK_ID \
-G
1 2 3 4
import requests
url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/is_global'
payload = {
'auth_token' : 'EXAMPLE_AUTH_TOKEN' ,
'flock_id' : 'EXAMPLE_FLOCK_ID'
}
r = requests. get( url, params= payload)
print ( r. json( ) )
1 2 3 4 5 6 7 8 9 10 11 12
{
"is_global" : true ,
"result" : "success"
}
1 2 3 4
Check if Hostname is Ignored GET /api/v1/flock/settings/ignorelist/hostname/is_hostname_ignorelisted
Check if a hostname is ignored in a Flock's Ignore List.
Show details
Required Parameters auth_token string
A valid auth token
flock_id string
A valid flock_id
hostname string
The source hostname to check
Response A JSON structure with the ignored state.
Example curl https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/is_hostname_ignorelisted \
-d auth_token = EXAMPLE_AUTH_TOKEN \
-d flock_id = EXAMPLE_FLOCK_ID \
-d hostname = EXAMPLE_HOSTNAME \
-G
1 2 3 4 5
import requests
url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/is_hostname_ignorelisted'
payload = {
'auth_token' : 'EXAMPLE_AUTH_TOKEN' ,
'flock_id' : 'EXAMPLE_FLOCK_ID' ,
'hostname' : 'EXAMPLE_HOSTNAME'
}
r = requests. get( url, params= payload)
print ( r. json( ) )
1 2 3 4 5 6 7 8 9 10 11 12 13
{
"is_ignorelist_enabled" : true ,
"is_ignorelisted" : true ,
"result" : "success"
}
1 2 3 4 5
Disable Hostname Ignore List POST /api/v1/flock/settings/ignorelist/hostname/disable
Disable hostname ignoring for a Flock.
Show details
Required Parameters auth_token string
A valid auth token
flock_id string
A valid flock_id
Response A JSON structure with result indicator.
Example curl https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/disable \
-d auth_token = EXAMPLE_AUTH_TOKEN \
-d flock_id = EXAMPLE_FLOCK_ID
1 2 3
import requests
url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/disable'
payload = {
'auth_token' : 'EXAMPLE_AUTH_TOKEN' ,
'flock_id' : 'EXAMPLE_FLOCK_ID'
}
r = requests. post( url, data= payload)
print ( r. json( ) )
1 2 3 4 5 6 7 8 9 10 11 12
{
"result" : "success"
}
1 2 3
Enable Hostname Ignore List POST /api/v1/flock/settings/ignorelist/hostname/enable
Enable hostname ignoring for a Flock.
Show details
Required Parameters auth_token string
A valid auth token
flock_id string
A valid flock_id
Response
Example curl https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/enable \
-d auth_token = EXAMPLE_AUTH_TOKEN \
-d flock_id = EXAMPLE_FLOCK_ID
1 2 3
import requests
url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/enable'
payload = {
'auth_token' : 'EXAMPLE_AUTH_TOKEN' ,
'flock_id' : 'EXAMPLE_FLOCK_ID'
}
r = requests. post( url, data= payload)
print ( r. json( ) )
1 2 3 4 5 6 7 8 9 10 11 12
{
"result" : "success"
}
1 2 3
Fetch Unsanitized Ignore List GET /api/v1/flock/settings/ignorelist/hostname/string
Fetch the unsanitized ignore list string.
Show details
Required Parameters auth_token string
A valid auth token
flock_id string
A valid flock_id
Response A JSON structure with the unsanitized list.
Example curl https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/string \
-d auth_token = EXAMPLE_AUTH_TOKEN \
-d flock_id = EXAMPLE_FLOCK_ID \
-G
1 2 3 4
import requests
url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/string'
payload = {
'auth_token' : 'EXAMPLE_AUTH_TOKEN' ,
'flock_id' : 'EXAMPLE_FLOCK_ID'
}
r = requests. get( url, params= payload)
print ( r. json( ) )
1 2 3 4 5 6 7 8 9 10 11 12
{
"ignorelist" : "<hostname>" ,
"result" : "success"
}
1 2 3 4
List Ignored Hostnames GET /api/v1/flock/settings/ignorelist/hostname/sanitized
Fetch a sanitized list of ignored hostnames for a Flock.
Show details
Required Parameters auth_token string
A valid auth token
flock_id string
A valid flock_id
Response A JSON structure with a list of ignored hostnames for a Flock.
Example curl https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/sanitized \
-d auth_token = EXAMPLE_AUTH_TOKEN \
-d flock_id = EXAMPLE_FLOCK_ID \
-G
1 2 3 4
import requests
url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/sanitized'
payload = {
'auth_token' : 'EXAMPLE_AUTH_TOKEN' ,
'flock_id' : 'EXAMPLE_FLOCK_ID'
}
r = requests. get( url, params= payload)
print ( r. json( ) )
1 2 3 4 5 6 7 8 9 10 11 12
{
"ignorelist" : [
"<hostname>" ,
"<hostname>"
] ,
"result" : "success"
}
1 2 3 4 5 6 7
Set Ignored Hostnames POST /api/v1/flock/settings/ignorelist/hostname/save
Set the list of ignored hostnames for a Flock.
Show details
Required Parameters auth_token string
A valid auth token
flock_id string
A valid flock_id
Optional Parameters ignorelist string
A newline separated list of hostnames to ignore
clear boolean
If true, clears the ignore list
Response A JSON structure with result indicator.
Example curl https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/save \
-d auth_token = EXAMPLE_AUTH_TOKEN \
-d flock_id = EXAMPLE_FLOCK_ID \
-d ignorelist = $'FIRST_HOSTNAME\n SECONDHOSTNAME'
1 2 3 4
import requests
url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/save'
payload = {
'auth_token' : 'EXAMPLE_AUTH_TOKEN' ,
'flock_id' : 'EXAMPLE_FLOCK_ID' ,
'ignorelist' : 'FIRST_HOSTNAME\nSECOND_HOSTNAME'
}
r = requests. post( url, data= payload)
print ( r. json( ) )
1 2 3 4 5 6 7 8 9 10 11 12 13
{
"result" : "success"
}
1 2 3
Set Ignore List to Global POST /api/v1/flock/settings/ignorelist/hostname/use_global
Set a Flock's ignore hostname list to use Global.
Show details
Required Parameters auth_token string
A valid auth token
flock_id string
A valid flock_id
Response A JSON structure with result indicator.
Example curl https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/use_global \
-d auth_token = EXAMPLE_AUTH_TOKEN \
-d flock_id = EXAMPLE_FLOCK_ID
1 2 3
import requests
url = 'https://EXAMPLE.canary.tools/api/v1/flock/settings/ignorelist/hostname/use_global'
payload = {
'auth_token' : 'EXAMPLE_AUTH_TOKEN' ,
'flock_id' : 'EXAMPLE_FLOCK_ID'
}
r = requests. post( url, data= payload)
print ( r. json( ) )
1 2 3 4 5 6 7 8 9 10 11 12
{
"result" : "success"
}
1 2 3
Last Updated: 10/23/2021, 9:33:44 PM
