A10 / Thunder ADC (a10_adc_ctp)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the IP policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the device	Required
ip_address	IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
dyndns_name	Domain name	text	Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes.	Optional
device	Internal IP Address	text	Enter the internal IP address of the device. Used to accept device logs on the TSCM.	Required
note	Note	text	Optional note about the devices	Optional
ddos	DDOS Targets	multiselect	Select the DDOS targets you want to enable.	Optional
class_lists_filecount	Number of BW List Files	select	ADC Supports one BW List file.	Optional Valid values: 1 (1 File) ;
class_lists_filesize	BW File Size	select	Select the size of the BW list file.	Optional Valid values: 1 (1 million subnets) ; 2 (2 millions subnets) ; 4 (4 millions subnets) ; 8 (8 millions subnets) ;
logupload	Enable log upload	select	Send logs to ThreatSTOP Cloud (required for reporting).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip	Syslog IP address	text	Allows the TSCM vm to receive syslog messages from other IP address than the address of the device.	Optional Regex `(^\$\|^(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})$)\|^$`
logsize	Log file size (KB)	text	The log files will be rotated when they reach this size.	Optional Regex `^\d{1,4}$`
updates	Enable policy updates	select	Suspend policy updates when Disabled is selected (not recommended).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
proxy	Log Upload Proxy	text	HTTP Proxy for log file upload (http://IP address:port)	Optional Regex `^http:\/\/[\w\.-_]+:\d+$\|^$`

A10 / Thunder ADC (a10_adc_ctp_std)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the IP policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the device	Required
ip_address	IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
dyndns_name	Domain name	text	Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes.	Optional
device	Internal IP Address	text	Enter the internal IP address of the device. Used to accept device logs on the TSCM.	Required
note	Note	text	Optional note about the devices	Optional
class_lists_filecount	Number of BW List Files	select	ADC Supports one BW List file.	Optional Valid values: 1 (1 File) ;
class_lists_filesize	BW File Size	select	Select the size of the BW list file.	Optional Valid values: 1 (1 million subnets) ; 2 (2 millions subnets) ; 4 (4 millions subnets) ; 8 (8 millions subnets) ;
logupload	Enable log upload	select	Send logs to ThreatSTOP Cloud (required for reporting).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip	Syslog IP address	text	Allows the TSCM vm to receive syslog messages from other IP address than the address of the device.	Optional Regex `(^\$\|^(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})$)\|^$`
logsize	Log file size (KB)	text	The log files will be rotated when they reach this size.	Optional Regex `^\d{1,4}$`
updates	Enable policy updates	select	Suspend policy updates when Disabled is selected (not recommended).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
proxy	Log Upload Proxy	text	HTTP Proxy for log file upload (http://IP address:port)	Optional Regex `^http:\/\/[\w\.-_]+:\d+$\|^$`

A10 / Thunder TPS (a10_tps_ctp)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the IP policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the device	Required
ip_address	IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
dyndns_name	Domain name	text	Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes.	Optional
device	Internal IP Address	text	Enter the internal IP address of the device. Used to accept device logs on the TSCM.	Required
note	Note	text	Optional note about the devices	Optional
ddos	DDOS Targets	multiselect	Select the DDOS targets you want to enable.	Optional
class_lists_filecount	Number of Class List Files	select	Select the number of class list files to generate.	Optional Valid values: 1 (1 file) ; 2 (2 files) ; 3 (3 files) ; 4 (4 files) ;
class_lists_filesize	Class List File Size	select	Select the size of the class list files.	Optional Valid values: 1 (1 million subnets) ; 2 (2 millions subnets) ; 3 (3 millions subnets) ; 4 (4 millions subnets) ; 5 (5 millions subnets) ; 6 (6 millions subnets) ; 7 (7 millions subnets) ; 8 (8 millions subnets) ; 9 (9 millions subnets) ; 10 (10 millions subnets) ; 11 (11 millions subnets) ; 12 (12 millions subnets) ; 13 (13 millions subnets) ; 14 (14 millions subnets) ; 15 (15 millions subnets) ; 16 (16 millions subnets) ;
logupload	Enable log upload	select	Send logs to ThreatSTOP Cloud (required for reporting).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip	Syslog IP address	text	Allows the TSCM vm to receive syslog messages from other IP address than the address of the device.	Optional Regex `(^\$\|^(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})$)\|^$`
logsize	Log file size (KB)	text	The log files will be rotated when they reach this size.	Optional Regex `^\d{1,4}$`
updates	Enable policy updates	select	Suspend policy updates when Disabled is selected (not recommended).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
proxy	Log Upload Proxy	text	HTTP Proxy for log file upload (http://IP address:port)	Optional Regex `^http:\/\/[\w\.-_]+:\d+$\|^$`

A10 / Thunder TPS (a10_tps_ctp_std)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the IP policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the device	Required
ip_address	IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
dyndns_name	Domain name	text	Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes.	Optional
device	Internal IP Address	text	Enter the internal IP address of the device. Used to accept device logs on the TSCM.	Required
note	Note	text	Optional note about the devices	Optional
class_lists_filecount	Number of Class List Files	select	Select the number of class list files to generate.	Optional Valid values: 1 (1 file) ; 2 (2 files) ; 3 (3 files) ; 4 (4 files) ;
class_lists_filesize	Class List File Size	select	Select the size of the class list files.	Optional Valid values: 1 (1 million subnets) ; 2 (2 millions subnets) ; 3 (3 millions subnets) ; 4 (4 millions subnets) ; 5 (5 millions subnets) ; 6 (6 millions subnets) ; 7 (7 millions subnets) ; 8 (8 millions subnets) ; 9 (9 millions subnets) ; 10 (10 millions subnets) ; 11 (11 millions subnets) ; 12 (12 millions subnets) ; 13 (13 millions subnets) ; 14 (14 millions subnets) ; 15 (15 millions subnets) ; 16 (16 millions subnets) ;
logupload	Enable log upload	select	Send logs to ThreatSTOP Cloud (required for reporting).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip	Syslog IP address	text	Allows the TSCM vm to receive syslog messages from other IP address than the address of the device.	Optional Regex `(^\$\|^(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})$)\|^$`
logsize	Log file size (KB)	text	The log files will be rotated when they reach this size.	Optional Regex `^\d{1,4}$`
updates	Enable policy updates	select	Suspend policy updates when Disabled is selected (not recommended).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
proxy	Log Upload Proxy	text	HTTP Proxy for log file upload (http://IP address:port)	Optional Regex `^http:\/\/[\w\.-_]+:\d+$\|^$`

Check Point / GAIA R80 (checkpoint_ctp)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the IP policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the TSCM. Required to access ThreatSTOP’s cloud services.	Required
ip_address	IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
device	Internal IP Address	text	Enter the internal IP address of the device (Firepower Management Center IP)	Required
note	Note	text	Optional note about the devices	Optional
logupload	Enable log upload	select	Send logs to ThreatSTOP Cloud (required for reporting).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
syslogip	Syslog IP address	text	Typically, logs will be sent over syslog by the device itself. If logs are sent by other IP address(es), add them here.	Optional Regex `(^\$\|^(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})$)\|^$`
blade	Anti-Virus or Anti-Bot blade	select	Although you can have both blades activated only one can be set for the policy.	Optional Valid values: ab (Anti-Bot) ; av (Anti-Virus) ;
maxpolicysize	Maximum Policy Size	text	Truncate the block list if it reaches the specified size.	Optional Regex `^\d{1,7}$\|^$`
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
updates	Enable policy updates	select	Suspend policy updates when Disabled is selected (not recommended).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
logsize	Log file size (KB)	text	The log files will be rotated when they reach this size.	Optional Regex `^\d{1,4}$`
proxy	Log Upload Proxy	text	HTTP Proxy for log file upload	Optional Regex `^http:\/\/[\w\.-_]+:\d+$\|^$`

Cisco / ASA (cisco_asa_ctp)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the IP policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the device	Required
ip_address	Public IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
dyndns_name	Domain name	text	Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes.	Optional
device	Internal IP Address	text	Enter the internal IP address of the device. Used to manage ACLs over SSH.	Required
note	Note	text	Optional note about the devices	Optional
security_assessment	Security Assessment	select	Enable to enable custom log processing for Security Assessments	Optional Valid values: disabled (Disabled) ; enabled (Enabled) ;
object_group_block	Object Group Name (Block List)	text	Required field. Name the Object Group used to store the policy on ASA device (blocked IP addresses).	Required Regex `^[-_.a-zA-Z0-9]+$`
object_group_allow	Object Group Name (Allow List)	text	Required field. Name the Object Group used to store the policy on ASA device (whitelisted IP addresses).	Required Regex `^[-_.a-zA-Z0-9]+$`
logupload	Enable log upload	select	Send logs to ThreatSTOP Cloud (required for reporting).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
maxpolicysize	Maximum Policy Size	text	Truncate the block list if it reaches the specified size.	Optional Regex `^\d{1,7}$\|^$`
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip	Syslog IP address	text	Allows the TSCM vm to receive syslog messages from other IP address than the address of the device.	Optional Regex `(^\$\|^(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})$)\|^$`
logsize	Log file size (KB)	text	The log files will be rotated when they reach this size.	Optional Regex `^\d{1,4}$`
updates	Enable policy updates	select	Suspend policy updates when Disabled is selected (not recommended).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
custom_password_prompt	Custom password prompt	text	Optional field. Password prompt if customized on the ASA device.	Optional Regex `^[a-zA-Z0-9\s\\W]+$\|^$`
additional_devices	High-Availability IP addresses	text	If this device is part of a high-availability (HA) cluster, list the IP addresses of the HA devices (space-delimited)	Optional Regex `(^\$\|^(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})$)\|^$`
proxy	Log Upload Proxy	text	HTTP Proxy for log file upload (http://IP address:port)	Optional Regex `^http:\/\/[\w\.-_]+:\d+$\|^$`

Cisco / ISR (cisco_isr_ctp)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the IP policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the device	Required
ip_address	IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
dyndns_name	Domain name	text	Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes.	Optional
device	Internal IP Address	text	Enter the internal IP address of the device. Used to manage ACLs over SSH.	Required
note	Note	text	Optional note about the devices	Optional
security_assessment	Security Assessment	select	Enable to enable custom log processing for Security Assessments	Optional Valid values: disabled (Disabled) ; enabled (Enabled) ;
object_group_block	Object Group Name (Block List)	text	Required field. Name the Object Group used to store policy on ISR device (blocked IPs).	Required Regex `^[-_.a-zA-Z0-9]+$`
object_group_allow	Object Group Name (Allow List)	text	Required field. Name the Object Group used to store policy on ISR device (whitelisted IPs).	Required Regex `^[-_.a-zA-Z0-9]+$`
maxpolicysize	Maximum Policy Size	text	Truncate the block list if it reaches the specified size.	Optional Regex `^\d{1,7}$\|^$`
logupload	Enable log upload	select	Send logs to ThreatSTOP Cloud (required for reporting).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip	Syslog IP address	text	Allows the TSCM vm to receive syslog messages from other IP address than the address of the device.	Optional Regex `(^\$\|^(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})$)\|^$`
updates	Enable policy updates	select	Suspend policy updates when Disabled is selected (not recommended).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
logsize	Log file size (KB)	text	The log files will be rotated when they reach this size.	Optional Regex `^\d{1,4}$`
custom_password_prompt	Custom password prompt	text	Optional field. Password prompt if customized on the ISR device.	Optional
ssh_options	Custom SSH Options	text	Optional field. SSH options used when connecting to ISR device.	Optional
compress_config	Compress configuration	select	Compress or uncompress configuration after policy updates	Optional Valid values: enabled (Compress) ; disabled (Uncompress) ;
proxy	Log Upload Proxy	text	HTTP Proxy for log file upload (http://IP address:port)	Optional Regex `^http:\/\/[\w\.-_]+:\d+$\|^$`

Cisco / Firepower (firepower_ctp)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the IP policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the TSCM. Required to access ThreatSTOP’s cloud services.	Required
ip_address	IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
dyndns_name	Domain name	text	Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes.	Optional
device	Internal IP Address	text	Enter the internal IP address of the device (Firepower Management Center IP)	Required
note	Note	text	Optional note about the devices	Optional
logupload	Enable log upload	select	Send logs to ThreatSTOP Cloud (required for reporting).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
syslogip	Syslog IP address	text	List of every NGFW or ASA (Firepower Sensors) on which the ThreatSTOP policy is deployed	Optional Regex `(^\$\|^(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})$)\|^$`
maxpolicysize	Maximum Policy Size	text	Truncate the block list if it reaches the specified size.	Optional Regex `^\d{1,7}$\|^$`
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
updates	Enable policy updates	select	Suspend policy updates when Disabled is selected (not recommended).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
logsize	Log file size (KB)	text	The log files will be rotated when they reach this size.	Optional Regex `^\d{1,4}$`
proxy	Log Upload Proxy	text	HTTP Proxy for log file upload (http://IP address:port)	Optional Regex `^http:\/\/[\w\.-_]+:\d+$\|^$`

Fortinet / Fortigate (fortinet_fortigate_ctp)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the IP policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the device	Required
ip_address	IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
dyndns_name	Domain name	text	Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes.	Optional
device	Internal IP Address	text	Enter the internal IP address of the device. Used to manage ACLs over SSH.	Required
note	Note	text	Optional note about the devices	Optional
security_assessment	Security Assessment	select	Enable to enable custom log processing for Security Assessments	Optional Valid values: disabled (Disabled) ; enabled (Enabled) ;
trusted_interfaces	Trusted Interface(s)	text	Required field. Comma-delimited list of trusted interfaces.	Required Regex `^\s[^\s,]+(\s,\s[^\s,]+\s)*$`
untrusted_interfaces	Untrusted Interface(s)	text	Required field. Comma-delimited list of untrusted interfaces.	Required Regex `^\s[^\s,]+(\s,\s[^\s,]+\s)*$`
policy_prefix	Policy name prefix	text	Required field (ASCII string)	Required Regex `^\w+$`
maxpolicysize	Maximum Policy Size	text	Truncate the block list if it reaches the specified size.	Optional Regex `^\d{1,7}$\|^$`
maxpolicygroupsize	Maximum Policy Group Size	text	Maximum number of entries allowed in block or allow address groups.	Optional Regex `^\d{1,4}$\|^$`
setup_syslog	Configure syslog	select	Automatic configuration of syslog on Fortigate device	Optional Valid values: yes (Yes) ; no (No) ;
vdom_support	Enable VDOM support	select	Select yes if the Fortigate device runs with VDOM enabled	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
vdom	VDOM name	text	If VDOM support is enabled, provide the name of the VDOM to use	Optional Regex `^\w+$\|^$`
logupload	Enable log upload	select	Send logs to ThreatSTOP Cloud (required for reporting).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip	Syslog IP address	text	Allows the TSCM vm to receive syslog messages from other IP address than the address of the device.	Optional Regex `(^\$\|^(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})$)\|^$`
updates	Enable policy updates	select	Suspend policy updates when Disabled is selected (not recommended).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
logsize	Log file size (KB)	text	The log files will be rotated when they reach this size.	Optional Regex `^\d{1,4}$`
fw_address_visibility	Rules visibility	select	Set visibility to No to hide the details of the policy in the Fortigate Web GUI	Optional Valid values: enabled (True) ; disabled (False) ;
proxy	Log Upload Proxy	text	HTTP Proxy for log file upload (http://IP address:port)	Optional Regex `^http:\/\/[\w\.-_]+:\d+$\|^$`

ISC / BIND 9 (TSCM) (isc_bind9_ctp)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the DNS RPZ policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the device	Required
ip_address	IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
dyndns_name	Domain name	text	Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes.	Optional
note	Note	text	Optional note about the devices	Optional
bind_mode	Bind Mode	select	Bind query operation mode. Recursion or Forwarder only	Optional Valid values: 1 (Recursion) ; 2 (Forwarder only) ;
forwarders	DNS Forwarders	text	Space separated DNS server IP addresses used to forward upstream queries i.e. 192.168.1.1 10.0.0.1	Optional Regex `(^\$\|^(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})$)\|^$`
bind_trusted_acl	Bind Trusted ACL	text	Space separated list of IP / CIDR addresses allowed to query this DNS server i.e. 10.0.0.1 192.168.2.0/24 (special bind keywords: localnets any localhost)	Optional Regex `^(?:(?:any)\|(?:localhost)\|(?:localnets)\|(?:(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})(?:\/\d{1,2})?))(?:\s+(?:(?:any)\|(?:localhost)\|(?:localnets)\|(?:(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})(?:\/\d{1,2})?)))\s$`
bind_port	Bind Port	text	The Bind DNS TCP Port to be used. Any unused port 0-65535, except 5353.	Optional Regex `^(?!5353$)\d{1,5}$`
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
logsize	Log file size (KB)	text	The log files will be rotated when they reach this size.	Optional Regex `^\d{1,4}$`
proxy	Log Upload Proxy	text	HTTP Proxy for log file upload	Optional Regex `^http:\/\/[\w\.-_]+:\d+$\|^$`

Palo Alto Networks / PA series (panos_ctp)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the IP policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the device	Required
ip_address	IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
dyndns_name	Domain name	text	Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes.	Optional
device	Internal IP Address	text	Enter the internal IP address of the device. Used to manage ACLs using the PAN-OS API.	Required
note	Note	text	Optional note about the devices	Optional
security_assessment	Security Assessment	select	Enable to enable custom log processing for Security Assessments	Optional Valid values: disabled (Disabled) ; enabled (Enabled) ;
trusted_zone	Trusted Zone	text	Required field. Comma-separated list of zone names.	Required Regex `^[-_., a-zA-Z0-9]+$`
untrusted_zone	Untrusted Zone	text	Required field. Comma-separated list of zone names.	Required Regex `^[-_., a-zA-Z0-9]+$`
max_dynamic_lists	Maximum Dynamic Lists	text	Number of dynamic lists to use (2-9).	Optional Regex `^[23456789]$`
vsys_name	VSYS name	text	Optional field. Select if the PAN device is configured with virtual systems. Must be vsysXX, where XX is an integer.	Optional Regex `^vsys\d+$\|^$`
customer_syslog_profile	Syslog Profile	text	Name of an existing syslog profile in which the TSCM will be added, or leave the field empty to create a new one.	Optional Regex `^(\|[-_. a-zA-Z0-9]+)$`
syslogip	Syslog IP address (internal device IP address)	text	Allows the TSCM vm to receive syslog messages from other IP address than the address of the device.	Required
logupload	Enable log upload	select	Send logs to ThreatSTOP Cloud (required for reporting).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
block_action	Block Action	select	Action to be taken for blocked traffic.	Optional Valid values: drop (Drop) ; deny (Deny) ;
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip	Syslog IP address	text	Allows the TSCM vm to receive syslog messages from other IP address than the address of the device.	Optional Regex `(^\$\|^(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})$)\|^$`
updates	Enable policy updates	select	Suspend policy updates when Disabled is selected (not recommended).	Optional Valid values: enabled (Enabled) ; disabled (Disabled) ;
logsize	Log file size (KB)	text	The log files will be rotated when they reach this size.	Optional Regex `^\d{1,4}$`
additional_devices	High-Availability IP addresses	text	If this device is part of a high-availability (HA) cluster, list IP addresses of devices in cluster (space-delimited)	Optional Regex `(^\$\|^(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3}(?:\s+(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])(?:\.(?:\d\|1?\d\d\|2[0-4]\d\|25[0-5])){3})$)\|^$`
proxy	Log Upload Proxy	text	HTTP Proxy for log file upload (http://IP address:port)	Optional Regex `^http:\/\/[\w\.-_]+:\d+$\|^$`

Ubiquiti / EdgeRouter (ubiquiti_edge_ctp)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the IP policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the device	Required
ip_address	IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
dyndns_name	Domain name	text	Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes.	Optional
note	Note	text	Optional note about the devices	Optional
inbound_rule_name	Inbound rule set name	text	Inbound firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only	Required Regex `^[\w\-\_\.]+$`
outbound_rule_name	Outbound rule set name	text	Outbound firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only	Required Regex `^[\w\-\_\.]+$`
local_rule_name	Local rule set name	text	Local firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only	Required Regex `^[\w\-\_\.]+$`
rule_offset	Rule set offset number	text	Rule offset is used to position our rules in the firewall rule set. Integer between 1-9999. * This setting used during initial install only	Required Regex `^\d{1,6}$\|^[1-5]\d{1,6}$`
interface	Interface Name	text	Name of interface to apply firewall rules on (I.E. eth0, br0, bond1, etc…) * This setting used during initial install only	Required Regex `^[a-zA-Z]+\d{1,3}$`
interface_type	Interface Type	select	This is used during initial device configuration only	Optional Valid values: ethernet (ethernet) ; bridge (bridge) ; wireless (wireless) ; adsl (adsl) ; bonding (bonding) ; multilink (multilink) ;
prefix	Prefix	text	Prefix for ipset rules, should be kept short for logging purposes.	Required
mode	Operation Mode	select	Router or Bridge modes supported. * This setting used during initial install only	Optional Valid values: r (Router) ; b (Bridge) ;
use_default_firewall_actions	Default actions for firewall rules	select	It is highly recommended to have these default actions configured by selecting “yes” unless you are using a predefined firewall rule set, or know what you are doing. Default actions are : “DROP” for inbound traffic, “ACCEPT” for local & outbound traffic * This setting used during initial install only	Optional Regex `^y$\|^n$` Valid values: y (Yes) ; n (No) ;
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
telemetry	Telemetry	select		Optional Valid values: enabled (enabled) ; disabled (disabled) ;
pppoe	PPPOE instance number (0-99)	text	If you are using PPPOE and want to apply the firewall settings to it supply the PPPOE instance / unit number i.e. for “pppoe 1” type in 1. Leave empty if unused.	Optional Regex `^\d{1,2}$\|^$`
maxpolicysize	Maximum Policy Size	text	Truncate the block list if it reaches the specified size.	Optional Regex `^[1-3]\d{1,5}$\|^\d{1,6}$`

Brocade / Vyatta v5400 (vyatta_ctp)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the IP policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the device	Required
ip_address	IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
dyndns_name	Domain name	text	Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes.	Optional
note	Note	text	Optional note about the devices	Optional
inbound_rule_name	Inbound rule set name	text	Inbound firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only	Required Regex `^[\w\-\_\.]+$`
outbound_rule_name	Outbound rule set name	text	Outbound firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only	Required Regex `^[\w\-\_\.]+$`
local_rule_name	Local rule set name	text	Local firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only	Required Regex `^[\w\-\_\.]+$`
rule_offset	Rule set offset number	text	Rule offset is used to position our rules in the firewall rule set. Integer between 1-9999. * This setting used during initial install only	Required Regex `^\d{1,6}$\|^[1-5]\d{1,6}$`
interface	Interface Name	text	Name of interface to apply firewall rules on (I.E. eth0, br0, bond1, etc…) * This setting used during initial install only	Required Regex `^[a-zA-Z]+\d{1,3}$`
interface_type	Interface Type	select	This is used during initial device configuration only	Optional Valid values: ethernet (ethernet) ; bridge (bridge) ; wireless (wireless) ; adsl (adsl) ; bonding (bonding) ; multilink (multilink) ;
prefix	Prefix	text	Prefix for ipset rules, should be kept short for logging purposes.	Required
mode	Operation Mode	select	Router or Bridge modes supported. * This setting used during initial install only	Optional Valid values: r (Router) ; b (Bridge) ;
use_default_firewall_actions	Default actions for firewall rules	select	It is highly recommended to have these default actions configured by selecting “yes” unless you are using a predefined firewall rule set, or know what you are doing. Default actions are : “DROP” for inbound traffic, “ACCEPT” for local & outbound traffic * This setting used during initial install only	Optional Regex `^y$\|^n$` Valid values: y (Yes) ; n (No) ;
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
telemetry	Telemetry	select		Optional Valid values: enabled (enabled) ; disabled (disabled) ;
pppoe	PPPOE instance number (0-99)	text	If you are using PPPOE and want to apply the firewall settings to it supply the PPPOE instance / unit number i.e. for “pppoe 1” type in 1. Leave empty if unused.	Optional Regex `^\d{1,2}$\|^$`
maxpolicysize	Maximum Policy Size	text	Truncate the block list if it reaches the specified size.	Optional Regex `^[1-3]\d{1,5}$\|^\d{1,6}$`

VyOS / VyOS 1.x (vyos_1x_ctp)

Name	Label	Type	Description	Validation
device_nickname	Nickname	text	Name this device entry	Required
policy	Policy	select	Select the IP policy that will be loaded on your device.	Required
ip_type	IP Type	radio	Select the type of the external IP address of the device	Required
ip_address	IP Address	text	Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services.	Optional
dyndns_name	Domain name	text	Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes.	Optional
note	Note	text	Optional note about the devices	Optional
inbound_rule_name	Inbound rule set name	text	Inbound firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only	Required Regex `^[\w\-\_\.]+$`
outbound_rule_name	Outbound rule set name	text	Outbound firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only	Required Regex `^[\w\-\_\.]+$`
local_rule_name	Local rule set name	text	Local firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only	Required Regex `^[\w\-\_\.]+$`
rule_offset	Rule set offset number	text	Rule offset is used to position our rules in the firewall rule set. Integer between 1-9999. * This setting used during initial install only	Required Regex `^\d{1,6}$\|^[1-5]\d{1,6}$`
interface	Interface Name	text	Name of interface to apply firewall rules on (I.E. eth0, br0, bond1, etc…) * This setting used during initial install only	Required Regex `^[a-zA-Z]+\d{1,3}$`
interface_type	Interface Type	select	This is used during initial device configuration only	Optional Valid values: ethernet (ethernet) ; bridge (bridge) ; wireless (wireless) ; adsl (adsl) ; bonding (bonding) ; multilink (multilink) ;
prefix	Prefix	text	Prefix for ipset rules, should be kept short for logging purposes.	Required
mode	Operation Mode	select	Router or Bridge modes supported. * This setting used during initial install only	Optional Valid values: r (Router) ; b (Bridge) ;
use_default_firewall_actions	Default actions for firewall rules	select	It is highly recommended to have these default actions configured by selecting “yes” unless you are using a predefined firewall rule set, or know what you are doing. Default actions are : “DROP” for inbound traffic, “ACCEPT” for local & outbound traffic * This setting used during initial install only	Optional Regex `^y$\|^n$` Valid values: y (Yes) ; n (No) ;
port	DNS Port	select	The TCP Port used to reach the ThreatSTOP DNS Servers.	Optional Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
telemetry	Telemetry	select		Optional Valid values: enabled (enabled) ; disabled (disabled) ;
pppoe	PPPOE instance number (0-99)	text	If you are using PPPOE and want to apply the firewall settings to it supply the PPPOE instance / unit number i.e. for “pppoe 1” type in 1. Leave empty if unused.	Optional Regex `^\d{1,2}$\|^$`
maxpolicysize	Maximum Policy Size	text	Truncate the block list if it reaches the specified size.	Optional Regex `^[1-3]\d{1,5}$\|^\d{1,6}$`