Netscout Arbor Edge Defense (AED) secures the internet data center edge from threats against availability — specifically from application-layer, distributed denial of service (DDoS) attacks.
This document provides information about the Netscout AED Connector, which facilitates automated interactions, with a Netscout AED server using FortiSOAR™ playbooks. Add the Netscout AED Connector as a step in FortiSOAR™ playbooks and perform automated operations with Netscout AED.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 7.4.1-3167
Netscout AED Version Tested on: 7.0.1.0 (build NFUL) (arch x86_64)
Authored By: Fortinet
Certified: Yes
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-arbor-aed
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Netscout AED connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | Specify the server URL of the Netscout AED instance. |
| API Key | Specify the API Key generated in Netscout AED instance. |
| Verify SSL | Select whether the SSL certificate for the server is to be verified. By default, this option is set to True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Countries | Retrieves the Netscout AED country codes and names based on the country names and other filter criteria you have specified. | get_countries Investigation |
| Create Inbound Protection Groups | Creates an Netscout AED protection group based on the protection group name, IP addresses, protection group server type, and other input parameters you have specified. | create_inbound_protection_groups Investigation |
| Get Inbound Protection Groups | Retrieves all the inbound protection groups or specific inbound protection groups from the Netscout AED protection groups based on the protection group identifier, name, and other filter criteria you have specified. | get_inbound_protection_groups Investigation |
| Update Inbound Protection Groups | Modifies the mode or the protection level for specific inbound protection groups based on the protection group IDs you have specified. | update_inbound_protection_groups Investigation |
| Add Inbound Blacklist Countries | Adds one or more countries to the Netscout AED blocked-list based on the country codes and protection group IDs (PGID) or central configuration IDs (CID) you have specified. | add_inbound_blacklist_countries Investigation |
| Get Inbound Blacklisted Countries | Retrieves all the inbound blocked-list countries or specific inbound blocked-list countries based on the country codes, protection group IDs, central configuration IDs, or other filter criteria you have specified. By default, 10 blocked-list countries are returned. An ID of -1 selects countries that are in the global blocked-list. |
get_inbound_blacklisted_countries Investigation |
| Remove Inbound Blacklisted Countries | Removes one or more countries from the Netscout AED blocked-list for a specific protection group or for all protection groups based on the country codes, protection group IDs, central configuration IDs, or other filter criteria you have specified. | remove_inbound_blacklisted_countries Investigation |
| Add Inbound Blacklist Domains | Adds one or more domains to the Netscout AED blocked-list based on the domain names, protection group IDs (PGID), or central configuration IDs (CID) you have specified. | add_inbound_blacklist_domains Investigation |
| Get Inbound Blacklisted Domains | Retrieves all the inbound blocked-list domains or specific inbound blocked-list domains based on the domain names, protection group IDs, central configuration IDs, or other filter criteria you have specified. An ID of -1 selects domains that are in the global blocked-list. |
get_inbound_blacklisted_domains Investigation |
| Remove Inbound Blacklisted Domains | Removes one or more domains from the Netscout AED blocked-list for a specific protection group or for all protection groups based on the domain names, protection group IDs, or central configuration IDs (CID) you have specified. | remove_inbound_blacklisted_domains Investigation |
| Add Inbound Blacklist Hosts | Adds one or more hosts to the Netscout AED blocked-list based on the host addresses, protection group IDs (PGID), or central configuration IDs (CID) you have specified. | add_inbound_blacklist_hosts Investigation |
| Get Inbound Blacklisted Hosts | Retrieves all the inbound blocked-list hosts or specific inbound blocked-list hosts based on the host addresses, protection group IDs (PGID), central configuration IDs (CID), or other filter criteria you have specified. An ID of -1 selects domains that are in the global blocked-list. |
get_inbound_blacklisted_hosts Investigation |
| Remove Inbound Blacklisted Hosts | Removes one or more hosts or CIDRs from the Netscout AED blocked-list for a specific protection group or for all protection groups based on the host addresses, protection group IDs (PGID), or central configuration IDs (CID) you have specified. | remove_inbound_blacklisted_hosts Investigation |
| Add Inbound Whitelisted Hosts | Adds one or more hosts to the Netscout AED allowed-list based on the host addresses, protection group IDs (PGID), or central configuration IDs (CID) you have specified. | add_inbound_whitelisted_hosts Investigation |
| Get Inbound Whitelisted Hosts | Retrieves all the inbound allowed-list hosts or specific inbound allowed-list hosts based on the host addresses, protection group IDs (PGID), central configuration IDs (CID), or other filter criteria you have specified. An ID of -1 selects domains that are in the global allowed-list. |
get_inbound_whitelisted_hosts Investigation |
| Remove Inbound Whitelisted Hosts | Removes one or more hosts or CIDRs from the Netscout AED allowed-list for a specific protection group or for all protection groups based on the host addresses, protection group IDs (PGID), central configuration IDs (CID), or other filter criteria you have specified. An ID of -1 selects domains that are in the global allowed-list. |
remove_inbound_whitelisted_hosts Investigation |
| Add Inbound Blacklist URLs | Adds one or more URLs to the Netscout AED blocked-list based on the URL and protection group IDs (PGID) or central configuration IDs (CID) you have specified. | add_inbound_blacklist_urls Investigation |
| Get Inbound Blacklisted URLs | Retrieves all the inbound blocked-list URLs or specific inbound blocked-list URLs based on the host addresses, protection group IDs (PGID), central configuration IDs (CID), or other filter criteria you have specified. An ID of -1 selects domains that are in the global blocked-list. |
get_inbound_blacklisted_urls Investigation |
| Remove Inbound Blacklisted URLs | Removes one or more URLs from the Netscout AED blocked-list for a specific protection group or for all protection groups based on the URLs and protection group IDs (PGID) or central configuration IDs (CID) you have specified. | remove_inbound_blacklisted_urls Investigation |
| Add Outbound Blacklist Hosts | Adds one or more hosts to the Netscout AED outbound blocked-list based on the host addresses or CIDRs you have specified. | add_outbound_blacklist_hosts Investigation |
| Get Outbound Blacklisted Hosts | Retrieves all the outbound blocked-list hosts or specific outbound blocked-list hosts based on the host addresses, or other filter criteria you have specified. An ID of -1 selects domains that are in the global blocked-list. |
get_outbound_blacklisted_hosts Investigation |
| Remove Outbound Blacklisted Hosts | Removes one or more hosts or CIDRs from the Netscout AED outbound blocked-list based on the host addresses or CIDRs you have specified. | remove_outbound_blacklisted_hosts Investigation |
| Add Outbound Whitelist Hosts | Adds one or more hosts to the Netscout AED outbound allowed-list based on the host addresses or CIDRs you have specified. | add_outbound_whitelisted_hosts Investigation |
| Get Outbound Whitelisted Hosts | Retrieves all the outbound allowed-list hosts or specific outbound allowed-list hosts based on the host addresses, or other filter criteria you have specified. An ID of -1 selects domains that are in the global allowed-list. |
get_outbound_whitelisted_hosts Investigation |
| Remove Outbound Whitelisted Hosts | Removes one or more hosts or CIDRs from the Netscout AED outbound allowed-list based on the host addresses or CIDRs you have specified. | remove_outbound_whitelisted_hosts Investigation |
| Parameter | Description |
|---|---|
| Queue | Specify the list of country names, separated by a +, based on which you want to filter the results of this operation. |
| Response Fields | Specify the list of keys, separated by a +, based on which you want to filter the results of this operation. |
| Sort | Specify the sorting criteria to sort the results retrieved by this operation. You can use either the country or the name as the sorting key. By default, this is set to name. |
| Direction | Select the sorting order in which to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the index of the first item to be returned by this operation. This parameter is useful if you want to get a subset of records, say countries starting from the 10th country. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"countries": [
{
"country": "",
"name": ""
}
]
}
| Parameter | Description |
|---|---|
| Protection Group Name | Specify the name of the protection group to create in Netscout AED. |
| IP Addresses or CIDRs | Specify the list of comma-separated IP addresses or CIDRs to the protection group being created in Netscout AED.
NOTE: Any IP Addresses or CIDRs that do not match the IP version of the specified protection group server type is ignored. |
| Protection Group Server Type | Specify the Netscout AED group server type in which to create the protection group. |
| Description | Specify the description of the protection group being created in Netscout AED. |
| Active | Select this checkbox to set the mode of the protection group to Active in Netscout AED. |
| Protection Level | Select the level of protection to set for the protection group being created in Netscout AED. You can choose from the following options:
|
The output contains the following populated JSON schema:
{
"active": "",
"bpsDropped": "",
"bpsPassed": "",
"bytesDropped": "",
"bytesPassed": "",
"description": "",
"name": "",
"packetsDropped": "",
"packetsPassed": "",
"pgid": "",
"ppsDropped": "",
"ppsPassed": "",
"prefixes": [],
"protectionLevel": "",
"serverName": "",
"serverType": "",
"timeCreated": ""
}
| Parameter | Description |
|---|---|
| Protection Group Identifier | Specify the protection group identifier to filter the results retrieved from Netscout AED. |
| Protection Group Name | Specify the name of the protection group to filter the results retrieved from Netscout AED. |
| Description | Specify the description of the protection group to filter the results retrieved from Netscout AED. |
| Created Time | Select the time of the creation of the protection group to filter the results retrieved from Netscout AED. |
| Active | Select the mode of the protection group to filter the results retrieved from Netscout AED. You can choose from the following options:
|
| Protection Level | Select the level of protection for the protection group to filter the results retrieved from Netscout AED. You can choose from the following options:
|
| Sort | Specify the sorting key used to sort the protection groups retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
| Other Fields | Specify other fields to filter results returned by this operation. You can specify fields such as Search Criteria, which is used to determine dynamic membership, or the Links field defined JSON requests. |
The output contains the following populated JSON schema:
{
"protection-groups": [
{
"active": "",
"bpsDropped": "",
"bpsPassed": "",
"bytesDropped": "",
"bytesPassed": "",
"cid": "",
"description": "",
"name": "",
"packetsDropped": "",
"packetsPassed": "",
"pgid": "",
"ppsDropped": "",
"ppsPassed": "",
"prefixes": [],
"profiling": "",
"profilingDuration": "",
"profilingStart": "",
"protectionLevel": "",
"serverName": "",
"serverType": "",
"timeCreated": ""
}
]
}
| Parameter | Description |
|---|---|
| Protection Group IDs | Specify a comma-separated list of protection group IDs to update in Netscout AED. |
| Active | Select the mode of the protection group to update in Netscout AED. You can choose from the following options:
|
| Protection Level | Select the level of protection for the protection group to update in Netscout AED. You can choose from the following options:
|
The output contains the following populated JSON schema:
{
"protection-groups": [
{
"active": "",
"bpsDropped": "",
"bpsPassed": "",
"bytesDropped": "",
"bytesPassed": "",
"description": "",
"name": "",
"packetsDropped": "",
"packetsPassed": "",
"pgid": "",
"ppsDropped": "",
"ppsPassed": "",
"prefixes": [],
"protectionLevel": "",
"serverName": "",
"serverType": "",
"timeCreated": ""
}
]
}
| Parameter | Description |
|---|---|
| Country Code | Specify the ISO-standardized country code or a comma-separated list of country codes to add to the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to add the country to the blocked-list in Netscout AED. You can select from the following options:
|
| Annotation | Specify a message to associate with each country being added to the blocked-list. |
The output contains the following populated JSON schema:
{
"countries": [
{
"cid": [],
"country": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Country Code | Specify the ISO-standardized country code or a comma-separated list of country codes to retrieve from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to retrieve countries from the blocked-list in Netscout AED. You can select from the following options:
|
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"blacklisted-countries": [
{
"cid": [],
"country": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Country | Specify the ISO-standardized country code or a comma-separated list of country codes to remove from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to remove the country from the blocked-list in Netscout AED. You can select from the following options:
|
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Domain | Specify a domain name or a comma-separated list of domain names to add to the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to add the domain to the blocked-list in Netscout AED. You can select from the following options:
|
| Annotation | Specify a message to associate with each domain being added to the blocked-list. |
The output contains the following populated JSON schema:
{
"domains": [
{
"cid": [],
"domain": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Domain | Specify comma-separated list of domains to retrieve from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to retrieve the domains that are part of the blocked-list in Netscout AED. You can select from the following options:
|
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"blacklisted-domains": [
{
"cid": [],
"domain": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Domain | Specify a domain name or a comma-separated list of domain names to remove from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to remove the domain from the blocked-list in Netscout AED. You can select from the following options:
|
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to add to the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to add hosts to the blocked-list in Netscout AED. You can select from the following options:
|
| Annotation | Specify a description, or a comma-separated list of descriptions, each of which applies to the added hosts. |
The output contains the following populated JSON schema:
{
"hosts": [
{
"cid": [],
"hostAddress": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to retrieve from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to retrieve the hosts that are part of the blocked-list in Netscout AED. You can select from the following options:
|
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"blacklisted-hosts": [
{
"cid": [],
"hostAddress": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to remove from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to remove hosts from the blocked-list in Netscout AED. You can select from the following options:
|
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to add to the allowed-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to add hosts to the allowed-list in Netscout AED. You can select from the following options:
|
The output contains the following populated JSON schema:
{
"hosts": [
{
"cid": [],
"hostAddress": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to retrieve from the allowed-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to retrieve the hosts that are part of the allowed-list in Netscout AED. You can select from the following options:
|
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"whitelisted-hosts": [
{
"cid": [],
"hostAddress": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to remove from the allowed-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to remove hosts from the allowed-list in Netscout AED. You can select from the following options:
|
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| URL | Specify a URL or a comma-separated list of URLs to add to the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to add the URL to the blocked-list in Netscout AED. You can select from the following options:
|
| Annotation | Specify a message to associate with each URL being added to the blocked-list. |
The output contains the following populated JSON schema:
{
"urls": [
{
"cid": [],
"pgid": [],
"updateTime": "",
"url": ""
}
]
}
| Parameter | Description |
|---|---|
| URL | Specify comma-separated list of URLs to retrieve from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to retrieve the URLs that are part of the blocked-list in Netscout AED. You can select from the following options:
|
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"blacklisted-urls": [
{
"cid": [],
"pgid": [],
"updateTime": "",
"url": ""
}
]
}
| Parameter | Description |
|---|---|
| URL | Specify a URL or a comma-separated list of URLs to remove from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to remove the URL from the blocked-list in Netscout AED. You can select from the following options:
|
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to add to the blocked-list in Netscout AED. |
| Annotation | Specify a description, or a comma-separated list of descriptions, each of which applies to the added hosts. |
The output contains the following populated JSON schema:
{
"hosts": [
{
"hostAddress": "",
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to retrieve from the blocked-list in Netscout AED. |
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
| Other Fields | Specify other fields to filter results returned by this operation. You can find these fields in Endpoints API Documentation on your AED setup. |
The output contains the following populated JSON schema:
{
"blacklisted-hosts": [
{
"hostAddress": "",
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to remove from the blocked-list in Netscout AED. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to add to the allowed-list in Netscout AED. |
| Annotation | Specify a description, or a comma-separated list of descriptions, each of which applies to the added hosts. |
The output contains the following populated JSON schema:
{
"hosts": [
{
"hostAddress": "",
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to retrieve from the allowed-list in Netscout AED. |
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
| Other Fields | Specify other fields to filter results returned by this operation. You can find these fields in Endpoints API Documentation on your AED setup. |
The output contains the following populated JSON schema:
{
"whitelisted-hosts": [
{
"hostAddress": "",
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to remove from the allowed-list in Netscout AED. |
The output contains a non-dictionary value.
The Sample - Netscout AED - 1.0.0 playbook collection comes bundled with the Netscout AED connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Netscout AED connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Netscout Arbor Edge Defense (AED) secures the internet data center edge from threats against availability — specifically from application-layer, distributed denial of service (DDoS) attacks.
This document provides information about the Netscout AED Connector, which facilitates automated interactions, with a Netscout AED server using FortiSOAR™ playbooks. Add the Netscout AED Connector as a step in FortiSOAR™ playbooks and perform automated operations with Netscout AED.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 7.4.1-3167
Netscout AED Version Tested on: 7.0.1.0 (build NFUL) (arch x86_64)
Authored By: Fortinet
Certified: Yes
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-arbor-aed
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Netscout AED connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | Specify the server URL of the Netscout AED instance. |
| API Key | Specify the API Key generated in Netscout AED instance. |
| Verify SSL | Select whether the SSL certificate for the server is to be verified. By default, this option is set to True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Countries | Retrieves the Netscout AED country codes and names based on the country names and other filter criteria you have specified. | get_countries Investigation |
| Create Inbound Protection Groups | Creates an Netscout AED protection group based on the protection group name, IP addresses, protection group server type, and other input parameters you have specified. | create_inbound_protection_groups Investigation |
| Get Inbound Protection Groups | Retrieves all the inbound protection groups or specific inbound protection groups from the Netscout AED protection groups based on the protection group identifier, name, and other filter criteria you have specified. | get_inbound_protection_groups Investigation |
| Update Inbound Protection Groups | Modifies the mode or the protection level for specific inbound protection groups based on the protection group IDs you have specified. | update_inbound_protection_groups Investigation |
| Add Inbound Blacklist Countries | Adds one or more countries to the Netscout AED blocked-list based on the country codes and protection group IDs (PGID) or central configuration IDs (CID) you have specified. | add_inbound_blacklist_countries Investigation |
| Get Inbound Blacklisted Countries | Retrieves all the inbound blocked-list countries or specific inbound blocked-list countries based on the country codes, protection group IDs, central configuration IDs, or other filter criteria you have specified. By default, 10 blocked-list countries are returned. An ID of -1 selects countries that are in the global blocked-list. |
get_inbound_blacklisted_countries Investigation |
| Remove Inbound Blacklisted Countries | Removes one or more countries from the Netscout AED blocked-list for a specific protection group or for all protection groups based on the country codes, protection group IDs, central configuration IDs, or other filter criteria you have specified. | remove_inbound_blacklisted_countries Investigation |
| Add Inbound Blacklist Domains | Adds one or more domains to the Netscout AED blocked-list based on the domain names, protection group IDs (PGID), or central configuration IDs (CID) you have specified. | add_inbound_blacklist_domains Investigation |
| Get Inbound Blacklisted Domains | Retrieves all the inbound blocked-list domains or specific inbound blocked-list domains based on the domain names, protection group IDs, central configuration IDs, or other filter criteria you have specified. An ID of -1 selects domains that are in the global blocked-list. |
get_inbound_blacklisted_domains Investigation |
| Remove Inbound Blacklisted Domains | Removes one or more domains from the Netscout AED blocked-list for a specific protection group or for all protection groups based on the domain names, protection group IDs, or central configuration IDs (CID) you have specified. | remove_inbound_blacklisted_domains Investigation |
| Add Inbound Blacklist Hosts | Adds one or more hosts to the Netscout AED blocked-list based on the host addresses, protection group IDs (PGID), or central configuration IDs (CID) you have specified. | add_inbound_blacklist_hosts Investigation |
| Get Inbound Blacklisted Hosts | Retrieves all the inbound blocked-list hosts or specific inbound blocked-list hosts based on the host addresses, protection group IDs (PGID), central configuration IDs (CID), or other filter criteria you have specified. An ID of -1 selects domains that are in the global blocked-list. |
get_inbound_blacklisted_hosts Investigation |
| Remove Inbound Blacklisted Hosts | Removes one or more hosts or CIDRs from the Netscout AED blocked-list for a specific protection group or for all protection groups based on the host addresses, protection group IDs (PGID), or central configuration IDs (CID) you have specified. | remove_inbound_blacklisted_hosts Investigation |
| Add Inbound Whitelisted Hosts | Adds one or more hosts to the Netscout AED allowed-list based on the host addresses, protection group IDs (PGID), or central configuration IDs (CID) you have specified. | add_inbound_whitelisted_hosts Investigation |
| Get Inbound Whitelisted Hosts | Retrieves all the inbound allowed-list hosts or specific inbound allowed-list hosts based on the host addresses, protection group IDs (PGID), central configuration IDs (CID), or other filter criteria you have specified. An ID of -1 selects domains that are in the global allowed-list. |
get_inbound_whitelisted_hosts Investigation |
| Remove Inbound Whitelisted Hosts | Removes one or more hosts or CIDRs from the Netscout AED allowed-list for a specific protection group or for all protection groups based on the host addresses, protection group IDs (PGID), central configuration IDs (CID), or other filter criteria you have specified. An ID of -1 selects domains that are in the global allowed-list. |
remove_inbound_whitelisted_hosts Investigation |
| Add Inbound Blacklist URLs | Adds one or more URLs to the Netscout AED blocked-list based on the URL and protection group IDs (PGID) or central configuration IDs (CID) you have specified. | add_inbound_blacklist_urls Investigation |
| Get Inbound Blacklisted URLs | Retrieves all the inbound blocked-list URLs or specific inbound blocked-list URLs based on the host addresses, protection group IDs (PGID), central configuration IDs (CID), or other filter criteria you have specified. An ID of -1 selects domains that are in the global blocked-list. |
get_inbound_blacklisted_urls Investigation |
| Remove Inbound Blacklisted URLs | Removes one or more URLs from the Netscout AED blocked-list for a specific protection group or for all protection groups based on the URLs and protection group IDs (PGID) or central configuration IDs (CID) you have specified. | remove_inbound_blacklisted_urls Investigation |
| Add Outbound Blacklist Hosts | Adds one or more hosts to the Netscout AED outbound blocked-list based on the host addresses or CIDRs you have specified. | add_outbound_blacklist_hosts Investigation |
| Get Outbound Blacklisted Hosts | Retrieves all the outbound blocked-list hosts or specific outbound blocked-list hosts based on the host addresses, or other filter criteria you have specified. An ID of -1 selects domains that are in the global blocked-list. |
get_outbound_blacklisted_hosts Investigation |
| Remove Outbound Blacklisted Hosts | Removes one or more hosts or CIDRs from the Netscout AED outbound blocked-list based on the host addresses or CIDRs you have specified. | remove_outbound_blacklisted_hosts Investigation |
| Add Outbound Whitelist Hosts | Adds one or more hosts to the Netscout AED outbound allowed-list based on the host addresses or CIDRs you have specified. | add_outbound_whitelisted_hosts Investigation |
| Get Outbound Whitelisted Hosts | Retrieves all the outbound allowed-list hosts or specific outbound allowed-list hosts based on the host addresses, or other filter criteria you have specified. An ID of -1 selects domains that are in the global allowed-list. |
get_outbound_whitelisted_hosts Investigation |
| Remove Outbound Whitelisted Hosts | Removes one or more hosts or CIDRs from the Netscout AED outbound allowed-list based on the host addresses or CIDRs you have specified. | remove_outbound_whitelisted_hosts Investigation |
| Parameter | Description |
|---|---|
| Queue | Specify the list of country names, separated by a +, based on which you want to filter the results of this operation. |
| Response Fields | Specify the list of keys, separated by a +, based on which you want to filter the results of this operation. |
| Sort | Specify the sorting criteria to sort the results retrieved by this operation. You can use either the country or the name as the sorting key. By default, this is set to name. |
| Direction | Select the sorting order in which to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the index of the first item to be returned by this operation. This parameter is useful if you want to get a subset of records, say countries starting from the 10th country. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"countries": [
{
"country": "",
"name": ""
}
]
}
| Parameter | Description |
|---|---|
| Protection Group Name | Specify the name of the protection group to create in Netscout AED. |
| IP Addresses or CIDRs | Specify the list of comma-separated IP addresses or CIDRs to the protection group being created in Netscout AED.
NOTE: Any IP Addresses or CIDRs that do not match the IP version of the specified protection group server type is ignored. |
| Protection Group Server Type | Specify the Netscout AED group server type in which to create the protection group. |
| Description | Specify the description of the protection group being created in Netscout AED. |
| Active | Select this checkbox to set the mode of the protection group to Active in Netscout AED. |
| Protection Level | Select the level of protection to set for the protection group being created in Netscout AED. You can choose from the following options:
|
The output contains the following populated JSON schema:
{
"active": "",
"bpsDropped": "",
"bpsPassed": "",
"bytesDropped": "",
"bytesPassed": "",
"description": "",
"name": "",
"packetsDropped": "",
"packetsPassed": "",
"pgid": "",
"ppsDropped": "",
"ppsPassed": "",
"prefixes": [],
"protectionLevel": "",
"serverName": "",
"serverType": "",
"timeCreated": ""
}
| Parameter | Description |
|---|---|
| Protection Group Identifier | Specify the protection group identifier to filter the results retrieved from Netscout AED. |
| Protection Group Name | Specify the name of the protection group to filter the results retrieved from Netscout AED. |
| Description | Specify the description of the protection group to filter the results retrieved from Netscout AED. |
| Created Time | Select the time of the creation of the protection group to filter the results retrieved from Netscout AED. |
| Active | Select the mode of the protection group to filter the results retrieved from Netscout AED. You can choose from the following options:
|
| Protection Level | Select the level of protection for the protection group to filter the results retrieved from Netscout AED. You can choose from the following options:
|
| Sort | Specify the sorting key used to sort the protection groups retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
| Other Fields | Specify other fields to filter results returned by this operation. You can specify fields such as Search Criteria, which is used to determine dynamic membership, or the Links field defined JSON requests. |
The output contains the following populated JSON schema:
{
"protection-groups": [
{
"active": "",
"bpsDropped": "",
"bpsPassed": "",
"bytesDropped": "",
"bytesPassed": "",
"cid": "",
"description": "",
"name": "",
"packetsDropped": "",
"packetsPassed": "",
"pgid": "",
"ppsDropped": "",
"ppsPassed": "",
"prefixes": [],
"profiling": "",
"profilingDuration": "",
"profilingStart": "",
"protectionLevel": "",
"serverName": "",
"serverType": "",
"timeCreated": ""
}
]
}
| Parameter | Description |
|---|---|
| Protection Group IDs | Specify a comma-separated list of protection group IDs to update in Netscout AED. |
| Active | Select the mode of the protection group to update in Netscout AED. You can choose from the following options:
|
| Protection Level | Select the level of protection for the protection group to update in Netscout AED. You can choose from the following options:
|
The output contains the following populated JSON schema:
{
"protection-groups": [
{
"active": "",
"bpsDropped": "",
"bpsPassed": "",
"bytesDropped": "",
"bytesPassed": "",
"description": "",
"name": "",
"packetsDropped": "",
"packetsPassed": "",
"pgid": "",
"ppsDropped": "",
"ppsPassed": "",
"prefixes": [],
"protectionLevel": "",
"serverName": "",
"serverType": "",
"timeCreated": ""
}
]
}
| Parameter | Description |
|---|---|
| Country Code | Specify the ISO-standardized country code or a comma-separated list of country codes to add to the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to add the country to the blocked-list in Netscout AED. You can select from the following options:
|
| Annotation | Specify a message to associate with each country being added to the blocked-list. |
The output contains the following populated JSON schema:
{
"countries": [
{
"cid": [],
"country": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Country Code | Specify the ISO-standardized country code or a comma-separated list of country codes to retrieve from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to retrieve countries from the blocked-list in Netscout AED. You can select from the following options:
|
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"blacklisted-countries": [
{
"cid": [],
"country": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Country | Specify the ISO-standardized country code or a comma-separated list of country codes to remove from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to remove the country from the blocked-list in Netscout AED. You can select from the following options:
|
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Domain | Specify a domain name or a comma-separated list of domain names to add to the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to add the domain to the blocked-list in Netscout AED. You can select from the following options:
|
| Annotation | Specify a message to associate with each domain being added to the blocked-list. |
The output contains the following populated JSON schema:
{
"domains": [
{
"cid": [],
"domain": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Domain | Specify comma-separated list of domains to retrieve from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to retrieve the domains that are part of the blocked-list in Netscout AED. You can select from the following options:
|
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"blacklisted-domains": [
{
"cid": [],
"domain": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Domain | Specify a domain name or a comma-separated list of domain names to remove from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to remove the domain from the blocked-list in Netscout AED. You can select from the following options:
|
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to add to the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to add hosts to the blocked-list in Netscout AED. You can select from the following options:
|
| Annotation | Specify a description, or a comma-separated list of descriptions, each of which applies to the added hosts. |
The output contains the following populated JSON schema:
{
"hosts": [
{
"cid": [],
"hostAddress": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to retrieve from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to retrieve the hosts that are part of the blocked-list in Netscout AED. You can select from the following options:
|
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"blacklisted-hosts": [
{
"cid": [],
"hostAddress": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to remove from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to remove hosts from the blocked-list in Netscout AED. You can select from the following options:
|
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to add to the allowed-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to add hosts to the allowed-list in Netscout AED. You can select from the following options:
|
The output contains the following populated JSON schema:
{
"hosts": [
{
"cid": [],
"hostAddress": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to retrieve from the allowed-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to retrieve the hosts that are part of the allowed-list in Netscout AED. You can select from the following options:
|
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"whitelisted-hosts": [
{
"cid": [],
"hostAddress": "",
"pgid": [],
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to remove from the allowed-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to remove hosts from the allowed-list in Netscout AED. You can select from the following options:
|
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| URL | Specify a URL or a comma-separated list of URLs to add to the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to add the URL to the blocked-list in Netscout AED. You can select from the following options:
|
| Annotation | Specify a message to associate with each URL being added to the blocked-list. |
The output contains the following populated JSON schema:
{
"urls": [
{
"cid": [],
"pgid": [],
"updateTime": "",
"url": ""
}
]
}
| Parameter | Description |
|---|---|
| URL | Specify comma-separated list of URLs to retrieve from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to retrieve the URLs that are part of the blocked-list in Netscout AED. You can select from the following options:
|
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
The output contains the following populated JSON schema:
{
"blacklisted-urls": [
{
"cid": [],
"pgid": [],
"updateTime": "",
"url": ""
}
]
}
| Parameter | Description |
|---|---|
| URL | Specify a URL or a comma-separated list of URLs to remove from the blocked-list in Netscout AED. |
| Select CID or PGID | Select the parameter based on which to remove the URL from the blocked-list in Netscout AED. You can select from the following options:
|
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to add to the blocked-list in Netscout AED. |
| Annotation | Specify a description, or a comma-separated list of descriptions, each of which applies to the added hosts. |
The output contains the following populated JSON schema:
{
"hosts": [
{
"hostAddress": "",
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to retrieve from the blocked-list in Netscout AED. |
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
| Other Fields | Specify other fields to filter results returned by this operation. You can find these fields in Endpoints API Documentation on your AED setup. |
The output contains the following populated JSON schema:
{
"blacklisted-hosts": [
{
"hostAddress": "",
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to remove from the blocked-list in Netscout AED. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to add to the allowed-list in Netscout AED. |
| Annotation | Specify a description, or a comma-separated list of descriptions, each of which applies to the added hosts. |
The output contains the following populated JSON schema:
{
"hosts": [
{
"hostAddress": "",
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to retrieve from the allowed-list in Netscout AED. |
| Update Time | Specify the last updated or set time to filter results of this operation. |
| Queue | Specify a list of + delimited key values based on which to filter the results of this operation. |
| Response Fields | Specify a list of comma-separated keys to include in the results of this operation. |
| Sort | Specify the sorting key to sort the results retrieved by this operation. |
| Direction | Specify the order to sort the results of this operation. You can choose from following options:
|
| Page Number | Specify the page number from which results are to be returned by this operation. This parameter is useful if you want to get a subset of records. By default, this is set as 1. |
| Records Per Page | Specify the number of results per page that this operation should return. By default, this is set to 10. |
| Other Fields | Specify other fields to filter results returned by this operation. You can find these fields in Endpoints API Documentation on your AED setup. |
The output contains the following populated JSON schema:
{
"whitelisted-hosts": [
{
"hostAddress": "",
"updateTime": ""
}
]
}
| Parameter | Description |
|---|---|
| Host Address | Specify one, or multiple comma-separated hosts (IP4 or IPv6) or CIDRs, to remove from the allowed-list in Netscout AED. |
The output contains a non-dictionary value.
The Sample - Netscout AED - 1.0.0 playbook collection comes bundled with the Netscout AED connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Netscout AED connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.