Lists

An entity in the following lists is denied, temporarily blocked, or always allowed to interact with any of your sites.

📍Location
Console

Settings > IWAF > Firewall

API

api.threatx.com/tx_api/v2/lists

Allow, Block and Deny Lists

Blacklist

An entity in the list is prevented from interacting with any of your sites.

Blocklist

An entity in the list is prevented from interacting with any of your sites. The block lasts for 30 minutes from the time the entity was added to the list. All requests made while the threat is blocked are tracked for valuable threat intelligence.

Whitelist

An entity in the list cannot be blocked or denied.

Once added to the Blacklist or Whitelist, the entity remains there permanently until it is manually removed. An administrator or ThreatX SOC can add an IP address or CIDR range, or manually remove an entity from the list.

You can add an entity as an IP address or CIDR to any of the lists manually, as described in Managing Threats.

Exercise caution when manually adding an entity to the Blacklist or Whitelist: a wrong Blacklist entry can cause a problem with legitimate traffic, and a wrong Whitelist entry always allows malicious traffic.

If the ThreatX Risk-Based Blocking feature is enabled, the ThreatX platform can add a threat automatically to the Blacklist or Blocklist based on the threat’s behavior. The ThreatX behavioral analytics engine, hackerMind™, blocks persistently malicious threats when the threats’ behavior surpasses the Risk-Based Blocking threshold. The analytics engine automatically places a threat on the permanent Blacklist after it is blocked three times.

A user who has Write Access can manually remove an entity from the Blacklist or Whitelist, or you can request the ThreatX SOC to remove the entity.

ThreatX API List endpoint

Use these List endpoint commands to manage one of the available lists.

≡ List the IP addresses currently within the list

list_{black,white,block}list

⏎ Return the details of a single IP entry

get_{black,white,block}list

➖ Delete one or more entries

bulk_delete_{black,white,block}list

➖ Delete a single entry

delete_{black,white,block}list

Example

Request

$ curl https://api.threatx.com/tx_api/v2/lists \
  --header 'Content-Type: application/json' \
  --data @- <<EOF
{
  "command": "delete_blocklist",
  "token": "<api_token>",
  "customer_name": "<tenant_name>",
  "ip": "1.2.3.4"
}
EOF

Response

{"Ok": "Blocklist entry for IP 1.2.3.4 removed"}

➕ Add one or more new entries

bulk_new_{black,white,block}list

➕ Add a single IP address or CIDR

new_{black,white,block}list

Example

Request

$ curl https://api.threatx.com/tx_api/v2/lists \
  --header 'Content-Type: application/json' \
  --data @- <<EOF
{
  "command":"new_blacklist",
  "token":"<api_token>",
  "customer_name":"<tenant_name>",
  "entry":{
    "ip":"1.2.3.4",
    "description":"Test Blacklist",
    "created":1
  }
}
EOF

Response

{ "ok": "blacklist entry for ip 1.2.3.4 added" }
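
A pre-submission check for the caution about manual Blacklist and Whitelist entries, as an added example that is not ThreatX code: it validates an IP address or CIDR and builds the new_{black,white,block}list request body in the shape of the request shown above. The prefix limits and protected ranges are assumed local policy with constructed values, build_new_entry is a hypothetical helper, and reusing the new_blacklist entry shape for the other two lists is an assumption.

```python
import ipaddress
import json

LISTS = ("black", "white", "block")  # list names used in the page's commands
# Assumed local policy, not ThreatX settings: the shortest prefix an operator may
# add by hand, and ranges (constructed, documentation space) that must never be
# put on the Blacklist or Blocklist.
MIN_PREFIX = {4: 24, 6: 64}
PROTECTED = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "2001:db8:1::/48")]


def build_new_entry(list_name, target, description, token, customer_name):
    """Validate target, then return the JSON body for the new_<list>list command."""
    if list_name not in LISTS:
        raise ValueError(f"unknown list {list_name!r}")
    try:
        # strict=True rejects typos such as 10.0.0.5/24 (host bits set)
        net = ipaddress.ip_network(target, strict=True)
    except ValueError as exc:
        raise ValueError(f"{target!r} is not an IP address or CIDR: {exc}") from exc
    if net.prefixlen < MIN_PREFIX[net.version]:
        raise ValueError(f"{net} is broader than /{MIN_PREFIX[net.version]}")
    if list_name != "white":
        # Denying a range that contains protected addresses blocks legitimate traffic.
        for keep in PROTECTED:
            if keep.version == net.version and keep.overlaps(net):
                raise ValueError(f"{net} overlaps protected range {keep}")
    # A single host is sent without a prefix, as in the page's example.
    single = net.prefixlen == net.max_prefixlen
    ip = str(net.network_address) if single else str(net)
    return json.dumps({
        "command": f"new_{list_name}list",
        "token": token,
        "customer_name": customer_name,
        # Entry shape and "created": 1 are copied from the page's new_blacklist
        # request; applying them to the other lists is an assumption.
        "entry": {"ip": ip, "description": description, "created": 1},
    }, indent=2)


if __name__ == "__main__":
    # The printed body can be piped to the curl command shown on the page
    # (--data @- reads the request body from standard input).
    print(build_new_entry("black", "1.2.3.4", "Test Blacklist",
                          "<api_token>", "<tenant_name>"))
```

A rejected entry raises ValueError with the reason, so nothing is sent until the operator narrows the range or confirms the target.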