Netscout Arbor DDoS Protection
The Netscout Arbor connector facilitates automated interactions with the Netscout Arbor DDoS Protection platform, enabling users to manage alerts and generate reports directly through Swimlane.

Netscout Arbor DDoS Protection is a comprehensive defense solution against distributed denial-of-service (DDoS) attacks, providing real-time detection and automated mitigation. This connector enables Swimlane Turbine users to integrate with Netscout Arbor's robust security features, allowing for the retrieval of detailed alert information, generation of in-depth reports, and monitoring of potential threats through a list of alerts. By leveraging this connector, users can enhance their security posture with actionable insights and streamlined incident response directly within the Swimlane Turbine platform, ensuring rapid and effective DDoS threat management.

Prerequisites

To use the Netscout Arbor DDoS Protection connector with Swimlane Turbine, ensure you have the following:

API key authentication
- URL: the endpoint URL for the Netscout Arbor API
- API key: a valid API key provided by Netscout Arbor for authentication

Capabilities

This connector provides the following capabilities:
- Get Alert
- Get Report
- List Alerts

Asset Setup

To use the asset, you must create an API key. To create an API key, follow these steps:

1. Log in to the CLI with your administrator username and password.
2. To create the token, enter the following within the CLI:

       service aaa local apitoken generate

   The system responds with:

       username "tokendescription"

   username = "the name of a valid AED user"
   tokendescription = "a brief description of the token". This description is appended to the token.
3. To save the configuration, enter the following within the CLI:

       config write

4. (Optional) Enter the following command to view the generated token. This command identifies each user and the tokens associated with that user:

       service aaa local apitoken show

Notes

To access your API notes, go to https://{your host information}/api/aed/doc/v2/endpoints.html

This connector was developed against product version 6.1.

Configurations

Netscout Arbor API Key Authentication

Authenticates using an API key.

Configuration Parameters

| Parameter | Description | Type | Required |
|---|---|---|---|
| URL | A URL to the target host | string | Required |
| X-Arbux-APIToken | API key | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

Actions

Get Alert

Retrieves detailed information for a specific alert identified by an alert ID in Netscout Arbor DDoS Protection.

Endpoint URL: /api/aed/v2/alerts/{{alert_id}}
Method: GET

Input

| Input argument | Name | Type | Required | Description |
|---|---|---|---|---|
| path_parameters | alert_id | string | Required | Unique alert identifier |

Input example

    {"path_parameters": {"alert_id": "2"}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example

    {"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}

Get Report

Generates a detailed report from Netscout Arbor based on the specified name, report type, start time, and end time.

Endpoint URL: /api/aed/v2/reports
Method: GET

Input

| Input argument | Name | Type | Required | Description |
|---|---|---|---|---|
| parameters | name | string | Required | Name of report requested |
| parameters | reporttype | string | Required | Report type |
| parameters | starttime | string | Required | Start time of the report requested |
| parameters | endtime | string | Required | End time of the report requested |
| parameters | recipients | string | Optional | A string-formatted, comma-separated list of recipients |
| parameters | params | string | Optional | A JSON-formatted object describing the specified elements of the report |

Input example

    {"parameters": {"name": "executive summary month", "reporttype": "execsummary", "starttime": "September 14, 2023, 12:00:00 AM", "endtime": "October 14, 2023 12:00:00 AM", "recipients": "abc@myco.com, zyx@myco.com", "params": "{\"test\": 1}"}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example

    {"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}

List Alerts

Retrieves a list of all alerts from Netscout Arbor DDoS Protection to monitor and analyze potential threats.

Endpoint URL: /api/aed/v2/alerts
Method: GET

Input

| Input argument | Name | Type | Required | Description |
|---|---|---|---|---|
| parameters | type | string | Optional | The alert type |
| parameters | title | string | Optional | Name of the alert |
| parameters | description | string | Optional | Description of the alert |
| parameters | severity | string | Optional | Severity of the alert |
| parameters | starttime | string | Optional | Start time for the alert |
| parameters | endtime | string | Optional | End time for the alert |
| parameters | status | string | Optional | Status of the alerts (all, active, inactive) |
| parameters | pgid | string | Optional | Protection group identifier |
| parameters | pgname | string | Optional | Protection group name |
| parameters | q | string | Optional | List of (+) delimited search strings |
| parameters | select | string | Optional | List of (,) delimited filter strings |
| parameters | sort | string | Optional | Key used to sort results |
| parameters | direction | string | Optional | The direction results are sorted (asc or desc) |
| parameters | limit | number | Optional | Parameters for the List Alerts action |
| parameters | page | number | Optional | Parameters for the List Alerts action |

Input example

    {"parameters": {"type": "suspicious login", "title": "multiple sign on attempts", "description": "At 10.30.20.1 there were (3) failed attempts to authenticate.", "severity": "high", "starttime": "September 14, 2023, 12:00:00 AM", "endtime": "October 14, 2023 12:00:00 AM", "status": "all", "pgid": "21", "pgname": "pg name", "q": "test+name", "select": "name", "sort": "id", "direction": "desc", "limit": 1, "page": 1}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example

    {"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}

Response Headers

| Header | Description | Example |
|---|---|---|
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
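
The following Python sketch is an added example, not code from Swimlane or Netscout. It shows how the configuration and the List Alerts and Get Alert actions described above map onto authenticated HTTPS requests, with the API key carried in the X-Arbux-APIToken header. The function names, the host `aed.example.test`, the sample token and the use of standard form encoding for the query string are assumptions made for the example.

```python
import json
import ssl
import urllib.request
from urllib.parse import quote, urlencode

API_ROOT = "/api/aed/v2"  # endpoint prefix shared by the documented actions
# Enumerated values taken from the List Alerts parameter descriptions.
ENUMS = {"status": {"all", "active", "inactive"}, "direction": {"asc", "desc"}}


def build_request(base_url, api_token, path, params=None):
    """Prepare (but do not send) an authenticated GET request."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("API token must only be sent over HTTPS")
    params = {k: v for k, v in (params or {}).items() if v is not None}
    for key, allowed in ENUMS.items():
        if key in params and params[key] not in allowed:
            raise ValueError(f"{key} must be one of {sorted(allowed)}")
    url = base_url.rstrip("/") + API_ROOT + path
    if params:
        url += "?" + urlencode(params)  # percent-encodes '+' and ',' in q/select
    headers = {"X-Arbux-APIToken": api_token, "Accept": "application/json"}
    return urllib.request.Request(url, headers=headers, method="GET")


def list_alerts_request(base_url, api_token, **filters):
    """List Alerts: GET /api/aed/v2/alerts with optional filter parameters."""
    return build_request(base_url, api_token, "/alerts", filters)


def get_alert_request(base_url, api_token, alert_id):
    """Get Alert: GET /api/aed/v2/alerts/{alert_id}."""
    # Quote the id so a value such as "../reports" cannot change the path.
    return build_request(base_url, api_token, "/alerts/" + quote(str(alert_id), safe=""))


def send(request, verify_ssl=True, timeout=30):
    """Send a prepared request; non-2xx responses raise urllib.error.HTTPError."""
    context = ssl.create_default_context()  # certificate and hostname checks on
    if not verify_ssl:  # mirrors the optional setting; keep it on in production
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(request, context=context, timeout=timeout) as resp:
        return {"status_code": resp.status, "reason": resp.reason,
                "response_headers": dict(resp.headers),
                "json_body": json.loads(resp.read() or b"{}")}
```

Only `send` touches the network; the builder functions can be exercised offline to check the URL and header a playbook would produce.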