SANS Blacklist

SANS Blacklist is a service that utilizes a radically different approach to blacklist formulation called Highly Predictive Blacklisting. Each DShield contributor can now access a unique HPB that reflects the most probable set of source addresses that will connect to that contributor's network over a prediction window that may last several days into the future.

Integration with LogicHub

Connecting with SANS Blacklist

To connect to SANS Blacklist, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • API Key: The API key to connect to the SANS Blacklist.

Actions with SANS Blacklist

IP Lookup

Submit an IP address to perform a lookup against SANS's IP range blacklist.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • IP Column: Name of the column in the parent table that contains the IP address to look up.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "IP is mandatory"
}
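
The following Python sketch is an added example, not LogicHub's or SANS's code. It shows how a range-based IP lookup can be evaluated locally over rows of a parent table and reported in the has_error/error shape above. The sample ranges, the src_ip column name and the listed field are assumptions made for illustration.

```python
import bisect
import ipaddress

# Constructed sample ranges (RFC 5737 documentation space), not real blacklist data.
# Assumed to be non-overlapping so one binary search per lookup is enough.
SAMPLE_RANGES = [
    ("192.0.2.0", "192.0.2.255"),
    ("198.51.100.64", "198.51.100.127"),
    ("203.0.113.0", "203.0.113.255"),
]

def build_index(ranges):
    """Convert (start, end) pairs to integers and sort them for binary search."""
    index = sorted(
        (int(ipaddress.IPv4Address(s)), int(ipaddress.IPv4Address(e)))
        for s, e in ranges
    )
    starts = [s for s, _ in index]
    return starts, index

def lookup_row(row, ip_column, starts, index):
    """Return a dict shaped like the action output, plus a hypothetical 'listed' flag."""
    value = str(row.get(ip_column) or "").strip()
    if not value:
        # Same error the page shows when no IP is supplied.
        return {"has_error": True, "error": "IP is mandatory"}
    try:
        ip = int(ipaddress.IPv4Address(value))
    except ipaddress.AddressValueError:
        return {"has_error": True, "error": f"invalid IPv4 address: {value}"}
    # Find the last range whose start is <= ip, then check that range's end.
    pos = bisect.bisect_right(starts, ip) - 1
    listed = pos >= 0 and ip <= index[pos][1]
    return {"has_error": False, "error": None, "listed": listed}

def lookup_table(rows, ip_column="src_ip"):
    """Look up every row of a parent table (list of dicts) by its IP column."""
    starts, index = build_index(SAMPLE_RANGES)
    return [lookup_row(r, ip_column, starts, index) for r in rows]

if __name__ == "__main__":
    # Constructed parent-table rows.
    table = [{"src_ip": "198.51.100.100"}, {"src_ip": ""}, {"src_ip": "10.0.0.1"}]
    for row, result in zip(table, lookup_table(table)):
        print(row, "->", result)
```

Rows with has_error set should be filtered or routed to a separate branch before any enrichment step consumes the lookup result.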
