UDSO :: Add · Customer Self-Service

Use this API to manually add suspicious file SHA-1 hash value, IP address, domain name, or URL objects to the User-Defined Suspicious Object list

HTTP Request

The following HTTP request always calls the latest version of the API.
```
PUT /WebApp/api/SuspiciousObjects/UserDefinedSO/ HTTP/1.1
```
Note:
The latest version of the API may support different parameters or values.

Use the following HTTP request if your application is dependent on parameters or values specific to the first version of the API.
The following HTTP request always calls the first version of the API.
```
PUT /WebApp/api/v1/SuspiciousObjects/UserDefinedSO/ HTTP/
1.1
```

Parameters

Important:

The HTTP request body must contain all required parameters.

Name	Type	Description	Value
Required Parameters
type	String	The suspicious object type	Example: `"type":"ip"` ip url file_sha1 domain
content	String	The suspicious object content for the specified type	Example: `"content":"168.95.1.1"` For `"type":"ip"`, provide the IPv4 address For `"type":"url"`, provide the URL starting with http:// or https:// (maximum length: 2047 characters) For `"type":"file_sha1"`, provide the file SHA-1 hash (maximum length: 40 characters) For `"type":"domain"`, provide the domain
scan_action	String	The scan action to perform on the suspicious object (maximum length: 64 characters)	Example: `"scan_action":"log"` log block
Optional Parameters
notes	String	Description of the object (maximum length: 256 characters)	Example: `"notes":"Suspicious IP address"`

HTTP Request Example

PUT /WebApp/api/SuspiciousObjects/UserDefinedSO/ HTTP/1.1

HTTP Request Body

Specify a JSON object containing the following HTTP header and request body:

HTTP header:

Important:

This API only supports the following Content-Type.
The authorization header is only required for external HTTP requests.

Field Name	Value
Content-Type	application/json;charset=utf-8
Authorization	Bearer {Generated JWT authentication token}

Request body:

{
    "param":{
        "type":"ip",
        "content":"168.95.1.1",
        "notes":"Suspicious IP address",
        "scan_action":"log"
        }
}

Response

If successful, this method returns an HTTP status code of "200", result code of "1", and a response body with the following structure:

{
    "Meta":{
        "Result":"1",
        "ErrorCode":"0",
        "ErrorMsg":""
    },
    "PermissionCtrl":{
        "permission":"255"
        "elements":null
    },
    "FeatureCtrl":{
        "mode":"0"
    },
    "SystemCtrl":{
        "TmcmSoDist_Role":"none/hub/edge"
    }
}

For more information about API responses and descriptions of response codes, see the following topics: