Log files

Devices can be configured to upload log files containing events when a ThreatSTOP firewall or DNS Firewall rule is matched.

Upon upload, the ThreatSTOP platform parses the log file, matches IP addresses against the IOCs in the policy associated with the device and makes the enriched data available in Web and email reports.

The API service provides a mechanism to view the status of the log files and metadata associated with the parsing process, such as the number of entries matches.

This is a Read-Only API service. It doesn’t support the upload of log files or altering the metadata.