Added ip-feed and ip-feed-batch. (#539)

* Added GET Pre-Defined EDL

New API

* Added examples and additional content

* Bug fix

* Review updates

* Add files via upload

Added ip-feed and ip-feed-batch

* Additional IP list changes

* Minor changes for IP feed update

Changed RN entry status and fixed typo

* ATP Reports Update

Added additional report response fields.

---------

Co-authored-by: Steven Serrata <[email protected]>

package.json

@@ -23,7 +23,7 @@
     "re-gen": "yarn clean-all && yarn gen-all",
     "getBlogs": "curl -H \"Accept: application/json\" \"https://api.rss2json.com/v1/api.json?rss_url=https%3A%2F%2Fmedium.com%2Ffeed%2Fpalo-alto-networks-developer-blog\" -o src/components/Medium/blogs.json",
     "getHashicorpBlogs": "curl -H \"Accept: application/json\" \"https://api.rss2json.com/v1/api.json?rss_url=https%3A%2F%2Fwww.hashicorp.com%2Fblog%2Fproducts%2Fterraform%2Ffeed.xml\" -o src/components/ProductLandingPage/Feeds/feeds.json",
-    "start:netsec": "cross-env PRODUCTS_INCLUDE=cdss,threat-vault,dns-security,iot,expedition,cloudngfw,cdl,panos,terraform,ansible,splunk,aiops-ngfw yarn start",
+    "start:netsec": "cross-env PRODUCTS_INCLUDE=cdss,threat-vault,dns-security,iot,expedition,cloudngfw,cdl,panos,terraform,ansible,splunk,aiops-ngfw-bpa yarn start",
     "start:splunk": "cross-env PRODUCTS_INCLUDE=panos,terraform,ansible,splunk yarn start",
     "start:sase": "cross-env PRODUCTS_INCLUDE=sase,access,sdwan yarn start",
     "start:cloud": "cross-env PRODUCTS_INCLUDE=prisma-cloud,compute yarn start",

products/cdss/docs/release-notes/changelog.md

@@ -15,3 +15,4 @@ keywords:
 | August 08, 2022 | First public release of the Threat Vault API for Threat Prevention and Advanced Threat Prevention subscription holders. |
 | August 23, 2022 | First public `BETA` release of the DNS Security API for DNS Security subscription holders. |
 | April 23, 2023 | The Threat Vault API now supports retrieval of [predefined EDL](https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/built-in-edls.html) ([external dynamic list](https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/external-dynamic-list.html)) content. |
+| November 01, 2023 | The Threat Vault API now supports retrieval of [IP Feed Information](/threat-vault/api/ip-feed/) and [IP Feed Information in Batch Mode](/threat-vault/api/ip-feed-batch/). |

products/cdss/docs/release-notes/release-notes.md

@@ -14,7 +14,7 @@ These release notes highlight API changes made for the various CDSS (Cloud-Deliv
 
 In addition, you can refer to the TechDocs [product documentation](https://docs.paloaltonetworks.com/cdss) for release information about non-API feature enhancements:
 
-See also the [change log](/cdss/docs/release-notes/changelog) for information on all changes to this API documentation, some of which have
+See also the [change log](../../cdss/docs/release-notes/changelog) for information on all changes to this API documentation, some of which have
 occurred in between API product releases.
 
 ## August 2022
@@ -25,4 +25,4 @@ The following known issues are present in the current API release:
 
 | Known Issue ID | Description                                                                                                                                      | Status     |
 | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- |
-| `CSP-12173`    | Advanced Threat Prevention and Threat Prevention subscriptions included as part of a bundle package cannot currently access the ThreatVault API. | Unresolved |
+| `CSP-12173`    | Advanced Threat Prevention and Threat Prevention subscriptions included as part of a bundle package cannot currently access the ThreatVault API. |  Resolved  |

products/cdss/sidebars.js

@@ -94,6 +94,14 @@ module.exports = {
               type: "doc",
               id: "threat-vault/docs/examples/get-content-release-notes",
             },
+            {
+              type: "doc",
+              id: "threat-vault/docs/examples/get-ip-feed-information",
+            },
+            {
+              type: "doc",
+              id: "threat-vault/docs/examples/get-ip-feed-batch-mode",
+            },
           ],
         },
         {

products/threat-vault/docs/examples/get-ip-feed-batch-mode.mdx

@@ -0,0 +1,80 @@
+---
+id: get-ip-feed-batch-mode
+title: Request IP Feed Information in Batch Mode
+description: Threat Vault API example showing how to request IP feed information using the IP address, IP address range, or the name of the feed in batch mode.
+hide_title: false
+hide_table_of_contents: false
+keywords:
+  - security subscription
+---
+
+The API Reference information for retrieving IP feed information can be found
+[here](/threat-vault/api/ip-feed-batch/).
+
+## Overview
+
+The Threat Vault API can be used to request IP feed information in batch mode. Consider the following examples:
+
+Keep a few things in mind when formatting your API query:
+
+1. All the query strings in Get requests must be a URL-Encoded parameter string. If you use a space in the URL-Encoded request, you must include either a plus sign (+) or %20 to replace the space.
+2. You can specify the content type of the request body and response by specifying the Content-Type header. Some responses generate an HTTP response in addition to a JSON object.
+3. Do not embed API keys in code or application source tree files. This can inadvertently expose the API key. Instead, consider storing the API key in environmental variables or files that are excluded from your application source tree files.
+
+## Example 1: A POST request to retrieve the IP feed information based on a list of IP addresses:
+
+```shell-session
+curl -X POST -d '{"ipaddr": ["1.33.230.137", "1.117.154.185", "1.117.180.42"]}' 'https://api.threatvault.paloaltonetworks.com/service/v1/ip-feed' \
+    -H 'X-API-KEY: API_KEY' \
+    -H 'Content-Type: application/json'
+```
+
+A successful API call returns, within the contents section, `status="success"` along with the IP feed results.
+
+```json
+{
+    "success": true,
+    "link": {
+        "next": null,
+        "previous": null
+    },
+    "count": 3,
+    "data": [
+        {
+            "ipaddr": "1.33.230.137",
+            "name": "Malicious IP Feed",
+            "status": "released",
+            "release": {
+                "first_release_version": "3327",
+                "first_release_time": "2020-04-22T20:38:31Z"
+            },
+            "geo": "JP (Japan)",
+            "asn": "2514 (INFOSPHERE NTT PC Communications, Inc., JP)"
+        },
+        {
+            "ipaddr": "1.117.154.185",
+            "name": "Malicious IP Feed",
+            "status": "released",
+            "release": {
+                "first_release_version": "4090",
+                "first_release_time": "2022-05-21T21:43:42Z"
+            },
+            "geo": "CN (China)",
+            "asn": "45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN)"
+        },
+        {
+            "ipaddr": "1.117.180.42",
+            "name": "Malicious IP Feed",
+            "status": "released",
+            "release": {
+                "first_release_version": "3888",
+                "first_release_time": "2021-11-02T00:53:22Z"
+            },
+            "geo": "CN (China)",
+            "asn": "45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN)"
+        }
+    ],
+    "message": "Successful"
+}
+```
+

products/threat-vault/docs/examples/get-ip-feed-information.mdx

@@ -0,0 +1,239 @@
+---
+id: get-ip-feed-information
+title: Request IP Feed Information
+description: Threat Vault API example showing how to request IP feed information using the IP address, IP address range, or the name of the feed.
+hide_title: false
+hide_table_of_contents: false
+keywords:
+  - security subscription
+---
+
+The API Reference information for retrieving IP feed information can be found
+[here](/threat-vault/api/ip-feed/).
+
+## Overview
+
+The Threat Vault API can be used to request IP feed information. Consider the following examples:
+
+Keep a few things in mind when formatting your API query:
+
+1. All the query strings in Get requests must be a URL-Encoded parameter string. If you use a space in the URL-Encoded request, you must include either a plus sign (+) or %20 to replace the space.
+2. You can specify the content type of the request body and response by specifying the Content-Type header. Some responses generate an HTTP response in addition to a JSON object.
+3. Do not embed API keys in code or application source tree files. This can inadvertently expose the API key. Instead, consider storing the API key in environmental variables or files that are excluded from your application source tree files.
+
+## Example 1: Request information about the specific IP feed name that is present in the Threat Intelligence database while limiting the maximum number of results to three:
+
+```shell-session
+curl -H 'X-API-KEY: API_KEY' 'https://api.threatvault.paloaltonetworks.com/service/v1/ip-feed?name=malicious&limit=3'
+```
+
+A successful API call returns, within the contents section, `status="success"` along with the IP feed results.
+
+```json
+{
+    "success": true,
+    "link": {
+        "next": "https://api.threatvault.paloaltonetworks.com/service/v1/ip-feed?name=malicious&limit=3&offset=3",
+        "previous": null
+    },
+    "count": 4508,
+    "data": [
+        {
+            "ipaddr": "1.33.230.137",
+            "name": "Malicious IP Feed",
+            "status": "released",
+            "release": {
+                "first_release_version": "3327",
+                "first_release_time": "2020-04-22T20:38:31Z"
+            },
+            "geo": "JP (Japan)",
+            "asn": "2514 (INFOSPHERE NTT PC Communications, Inc., JP)"
+        },
+        {
+            "ipaddr": "1.117.154.185",
+            "name": "Malicious IP Feed",
+            "status": "released",
+            "release": {
+                "first_release_version": "4090",
+                "first_release_time": "2022-05-21T21:43:42Z"
+            },
+            "geo": "CN (China)",
+            "asn": "45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN)"
+        },
+        {
+            "ipaddr": "1.117.180.42",
+            "name": "Malicious IP Feed",
+            "status": "released",
+            "release": {
+                "first_release_version": "3888",
+                "first_release_time": "2021-11-02T00:53:22Z"
+            },
+            "geo": "CN (China)",
+            "asn": "45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN)"
+        }
+    ],
+    "message": "Successful"
+}
+```
+
+## Example 2: Request information about the specific matching IP address in the Threat Intelligence database: 
+
+```shell-session
+curl -H 'X-API-KEY: API_KEY' 'https://api.threatvault.paloaltonetworks.com/service/v1/ip-feed?ipaddr=193.189.116.210'
+```
+
+A successful API call returns, within the Contents section, `status="success"` along with the associated IP feed entry details:
+
+```json
+{
+    "success": true,
+    "link": {
+        "next": null,
+        "previous": null
+    },
+    "count": 1,
+    "data": [
+        {
+            "ipaddr": "193.189.116.210",
+            "name": "Malicious IP Feed",
+            "status": "released",
+            "release": {
+                "first_release_version": "2113",
+                "first_release_time": "2016-10-18T11:06:51Z"
+            },
+            "geo": "PL (Poland)",
+            "asn": "44124 (RYBNET-AS, PL)"
+        }
+    ],
+    "message": "Successful"
+}
+```
+
+## Example 3: Request information about the specific IP address using an IP address that does [not] exist in the Threat Intelligence database. This returns only Geolocation and Autonomous System information: 
+
+```shell-session
+curl -H 'X-API-KEY: API_KEY' 'https://api.threatvault.paloaltonetworks.com/service/v1/ip-feed?ipaddr=193.189.116.215'
+```
+
+A successful API call returns, within the Contents section, `status="success"` along with the associated IP feed entry details:
+
+```json
+{
+    "success": true,
+    "link": {
+        "next": null,
+        "previous": null
+    },
+    "count": 1,
+    "data": [
+        {
+            "ipaddr": "193.189.116.215",
+            "name": null,
+            "status": "N/A",
+            "release": {},
+            "geo": "PL (Poland)",
+            "asn": "44124 (RYBNET-AS, PL)"
+        }
+    ],
+    "message": "Successful"
+}
+```
+
+## Example 4: Request information about matching IP feed entries found in the Threat Intelligence database based on a range of IP addresses. This returns only Geolocation and Autonomous System information: 
+
+```shell-session
+curl -H 'X-API-KEY: API_KEY' 'https://api.threatvault.paloaltonetworks.com/service/v1/ip-feed?fromipaddr=185.130.5.207&toipaddr=185.130.5.236'
+```
+
+A successful API call returns, within the Contents section, `status="success"` along with the associated IP feed entry details:
+
+```json
+{
+    "success": true,
+    "link": {
+        "next": null,
+        "previous": null
+    },
+    "count": 7,
+    "data": [
+        {
+            "ipaddr": "185.130.5.207",
+            "name": "Malicious IP Feed",
+            "status": "released",
+            "release": {
+                "first_release_version": "2113",
+                "first_release_time": "2016-10-18T07:00:00Z"
+            },
+            "geo": "DE (Germany)",
+            "asn": "204527 (BJNIP, DE)"
+        },
+        {
+            "ipaddr": "185.130.5.208",
+            "name": "Malicious IP Feed",
+            "status": "released",
+            "release": {
+                "first_release_version": "2113",
+                "first_release_time": "2016-10-18T07:00:00Z"
+            },
+            "geo": "DE (Germany)",
+            "asn": "204527 (BJNIP, DE)"
+        },
+        {
+            "ipaddr": "185.130.5.224",
+            "name": "Malicious IP Feed",
+            "status": "released",
+            "release": {
+                "first_release_version": "2113",
+                "first_release_time": "2016-10-18T07:00:00Z"
+            },
+            "geo": "DE (Germany)",
+            "asn": "204527 (BJNIP, DE)"
+        },
+        {
+            "ipaddr": "185.130.5.231",
+            "name": "Malicious IP Feed",
+            "status": "released",
+            "release": {
+                "first_release_version": "2113",
+                "first_release_time": "2016-10-18T07:00:00Z"
+            },
+            "geo": "DE (Germany)",
+            "asn": "204527 (BJNIP, DE)"
+        },
+        {
+            "ipaddr": "185.130.5.233",
+            "name": "High Risk IP Feed",
+            "status": "expired",
+            "release": {
+                "first_release_version": "2113",
+                "first_release_time": "2016-10-18T07:00:00Z"
+            },
+            "geo": "DE (Germany)",
+            "asn": "204527 (BJNIP, DE)"
+        },
+        {
+            "ipaddr": "185.130.5.234",
+            "name": "High Risk IP Feed",
+            "status": "expired",
+            "release": {
+                "first_release_version": "2113",
+                "first_release_time": "2016-10-18T07:00:00Z"
+            },
+            "geo": "DE (Germany)",
+            "asn": "204527 (BJNIP, DE)"
+        },
+        {
+            "ipaddr": "185.130.5.235",
+            "name": "High Risk IP Feed",
+            "status": "expired",
+            "release": {
+                "first_release_version": "2113",
+                "first_release_time": "2016-10-18T07:00:00Z"
+            },
+            "geo": "DE (Germany)",
+            "asn": "204527 (BJNIP, DE)"
+        }
+    ],
+    "message": "Successful"
+}
+```