ngfcti-ip-addresses
Retrieve a list of threat IP addresses from the FCTI service.
ngfcti-ip-addresses [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [order=asc|desc] [assessment=0|1|2|3|4|5]
- proxy=PROXY
  - Proxy server URL.
- duration=NUM{mon|w|d|h|m|s}
  - Restricts the lookup to a time range counted back from the current time. The unit can be s (seconds), m (minutes), h (hours), d (days), or mon (months). For example, 10s covers the 10 seconds up to the current time.
- from=yyyyMMddHHmmss
  - Start of the range, in the format yyyyMMddHHmmss. Omitted trailing digits are filled with zeros.
- to=yyyyMMddHHmmss
  - End of the range, in the format yyyyMMddHHmmss. Omitted trailing digits are filled with zeros.
- order=asc|desc
  - Sort order. If unspecified, the most recent data is fetched first.
- assessment=0|1|2|3|4|5
  - Return only IP addresses whose Threat Intelligence Assessment level is the specified value or higher.
Output fields
field | type | name | description |
---|---|---|---|
_time | Datetime | Registration time | e.g.: 2022-12-30 01:19:04+0900 |
ip | IP address | IP address | e.g.: 107.189.7.33 |
category | String | Threat category | e.g.: Anonymizer |
description | String | Threat description | e.g.: Tor |
country | String | Country code | e.g.: US |
asn | String | ASN | e.g.: AS53667 PONYNET |
latitude | 64-bit double | latitude | e.g.: 37.09024 |
longitude | 64-bit double | longitude | e.g.: -95.712891 |
whois_owner | String | IP owner | e.g.: NET107 |
whois_abuse_email | String | abuse email | e.g.: hostmaster@arin.net |
tlp | 32-bit integer | Scope of information disclosure | 0: TLP:CLEAR, 1: TLP:GREEN, 2: TLP:AMBER, 3: TLP:AMBER+STRICT, 4: TLP:RED |
tlp_name | String | Scope of information disclosure name | e.g.: TLP:GREEN |
assessment | 32-bit integer | Threat Information Assessment Level | 0: Safe, 1: Unknown, 2: Low, 3: Moderate, 4: Danger, 5: Critical |
assessment_name | String | Threat Information Assessment Level name | e.g.: Moderate |
created_at | Datetime | Threat level creation date | e.g.: 2022-12-30 01:19:04+0900 |
modified_at | Datetime | Threat level modification date | e.g.: 2023-01-06 17:08:15+0900 |
expire_at | Datetime | Threat level expiration date | |
first_seen_at | Datetime | First discovered date | e.g.: 2022-12-30 01:19:04+0900 |
last_seen_at | Datetime | Latest discovered date | e.g.: 2022-12-30 01:19:04+0900 |
intel_id | String | Unique identifier | e.g.: 02rwR1vEOgGxPVqyNp8eyx |
relationships_outgoing | Array | List of outgoing relationships | |
relationships_incoming | Array | List of incoming relationships | |
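
The `tlp`, `assessment` and `expire_at` fields above are the ones that decide what may be done with a row. The following is an added example, not part of the original page or of the product's own code: it turns result rows into a local block list and a shareable subset. It assumes the rows have been exported as dictionaries keyed by the field names above, that an empty `expire_at` means no expiry, and that the thresholds (`min_assessment`, `max_share_tlp`) are local policy choices; the sample rows are constructed.

```python
from datetime import datetime, timezone

# Code tables copied from the output-field table on this page.
TLP = {0: "TLP:CLEAR", 1: "TLP:GREEN", 2: "TLP:AMBER", 3: "TLP:AMBER+STRICT", 4: "TLP:RED"}
ASSESSMENT = {0: "Safe", 1: "Unknown", 2: "Low", 3: "Moderate", 4: "Danger", 5: "Critical"}
TIME_FORMAT = "%Y-%m-%d %H:%M:%S%z"  # matches e.g. 2022-12-30 01:19:04+0900


def is_active(row, now):
    """Assumption: a row with an empty expire_at has not expired."""
    expire_at = row.get("expire_at")
    return not expire_at or datetime.strptime(expire_at, TIME_FORMAT) > now


def triage(rows, now, min_assessment=4, max_share_tlp=1):
    """Return (block, shareable): IPs of active rows at or above min_assessment,
    and the subset whose tlp code is max_share_tlp or lower (policy assumption)."""
    block, shareable = [], []
    for row in rows:
        # Reject codes outside the documented tables instead of guessing.
        if row["assessment"] not in ASSESSMENT or row["tlp"] not in TLP:
            raise ValueError(f"unexpected code in row {row.get('intel_id')}")
        if row["assessment"] < min_assessment or not is_active(row, now):
            continue
        block.append(row["ip"])
        if row["tlp"] <= max_share_tlp:
            shareable.append(row["ip"])
    return block, shareable


# Constructed sample rows (documentation-range IPs, not real FCTI data).
SAMPLE_ROWS = [
    {"ip": "192.0.2.10", "assessment": 5, "tlp": 1, "expire_at": "", "intel_id": "sample-1"},
    {"ip": "198.51.100.7", "assessment": 4, "tlp": 3,
     "expire_at": "2030-01-01 00:00:00+0900", "intel_id": "sample-2"},
    {"ip": "203.0.113.5", "assessment": 3, "tlp": 0, "expire_at": "", "intel_id": "sample-3"},
    {"ip": "203.0.113.9", "assessment": 5, "tlp": 0,
     "expire_at": "2023-01-06 17:08:15+0900", "intel_id": "sample-4"},
]

NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed clock so the result is repeatable

if __name__ == "__main__":
    block, shareable = triage(SAMPLE_ROWS, NOW)
    print("block:", block)
    print("shareable:", shareable)
```

Rows marked TLP:AMBER or stricter still reach the local block list but are kept out of the shareable list, and expired or below-threshold rows are dropped from both.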