The following tables list the settings for each supported Web-Automation (CTP) device.

Review the devices documentation for an explanation of the settings.

A10 / Thunder ADC (a10_adc_ctp)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the IP policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the device Required
ip_address IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
dyndns_name Domain name text Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes. Optional
device Internal IP Address text Enter the internal IP address of the device. Used to accept device logs on the TSCM. Required
note Note text Optional note about the devices Optional
ddos DDOS Targets multiselect Select the DDOS targets you want to enable. Optional
class_lists_filecount Number of BW List Files select ADC Supports one BW List file. Optional
Valid values: 1 (1 File) ;
class_lists_filesize BW File Size select Select the size of the BW list file. Optional
Valid values: 1 (1 million subnets) ; 2 (2 millions subnets) ; 4 (4 millions subnets) ; 8 (8 millions subnets) ;
logupload Enable log upload select Send logs to ThreatSTOP Cloud (required for reporting). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip Syslog IP address text Allows the TSCM vm to receive syslog messages from other IP address than the address of the device. Optional
Regex (^\*$|^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*$)|^$
logsize Log file size (KB) text The log files will be rotated when they reach this size. Optional
Regex ^\d{1,4}$
updates Enable policy updates select Suspend policy updates when Disabled is selected (not recommended). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
proxy Log Upload Proxy text HTTP Proxy for log file upload (http://IP address:port) Optional
Regex ^http:\/\/[\w\.-_]+:\d+$|^$

A10 / Thunder ADC (a10_adc_ctp_std)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the IP policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the device Required
ip_address IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
dyndns_name Domain name text Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes. Optional
device Internal IP Address text Enter the internal IP address of the device. Used to accept device logs on the TSCM. Required
note Note text Optional note about the devices Optional
class_lists_filecount Number of BW List Files select ADC Supports one BW List file. Optional
Valid values: 1 (1 File) ;
class_lists_filesize BW File Size select Select the size of the BW list file. Optional
Valid values: 1 (1 million subnets) ; 2 (2 millions subnets) ; 4 (4 millions subnets) ; 8 (8 millions subnets) ;
logupload Enable log upload select Send logs to ThreatSTOP Cloud (required for reporting). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip Syslog IP address text Allows the TSCM vm to receive syslog messages from other IP address than the address of the device. Optional
Regex (^\*$|^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*$)|^$
logsize Log file size (KB) text The log files will be rotated when they reach this size. Optional
Regex ^\d{1,4}$
updates Enable policy updates select Suspend policy updates when Disabled is selected (not recommended). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
proxy Log Upload Proxy text HTTP Proxy for log file upload (http://IP address:port) Optional
Regex ^http:\/\/[\w\.-_]+:\d+$|^$

A10 / Thunder TPS (a10_tps_ctp)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the IP policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the device Required
ip_address IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
dyndns_name Domain name text Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes. Optional
device Internal IP Address text Enter the internal IP address of the device. Used to accept device logs on the TSCM. Required
note Note text Optional note about the devices Optional
ddos DDOS Targets multiselect Select the DDOS targets you want to enable. Optional
class_lists_filecount Number of Class List Files select Select the number of class list files to generate. Optional
Valid values: 1 (1 file) ; 2 (2 files) ; 3 (3 files) ; 4 (4 files) ;
class_lists_filesize Class List File Size select Select the size of the class list files. Optional
Valid values: 1 (1 million subnets) ; 2 (2 millions subnets) ; 3 (3 millions subnets) ; 4 (4 millions subnets) ; 5 (5 millions subnets) ; 6 (6 millions subnets) ; 7 (7 millions subnets) ; 8 (8 millions subnets) ; 9 (9 millions subnets) ; 10 (10 millions subnets) ; 11 (11 millions subnets) ; 12 (12 millions subnets) ; 13 (13 millions subnets) ; 14 (14 millions subnets) ; 15 (15 millions subnets) ; 16 (16 millions subnets) ;
logupload Enable log upload select Send logs to ThreatSTOP Cloud (required for reporting). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip Syslog IP address text Allows the TSCM vm to receive syslog messages from other IP address than the address of the device. Optional
Regex (^\*$|^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*$)|^$
logsize Log file size (KB) text The log files will be rotated when they reach this size. Optional
Regex ^\d{1,4}$
updates Enable policy updates select Suspend policy updates when Disabled is selected (not recommended). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
proxy Log Upload Proxy text HTTP Proxy for log file upload (http://IP address:port) Optional
Regex ^http:\/\/[\w\.-_]+:\d+$|^$

A10 / Thunder TPS (a10_tps_ctp_std)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the IP policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the device Required
ip_address IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
dyndns_name Domain name text Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes. Optional
device Internal IP Address text Enter the internal IP address of the device. Used to accept device logs on the TSCM. Required
note Note text Optional note about the devices Optional
class_lists_filecount Number of Class List Files select Select the number of class list files to generate. Optional
Valid values: 1 (1 file) ; 2 (2 files) ; 3 (3 files) ; 4 (4 files) ;
class_lists_filesize Class List File Size select Select the size of the class list files. Optional
Valid values: 1 (1 million subnets) ; 2 (2 millions subnets) ; 3 (3 millions subnets) ; 4 (4 millions subnets) ; 5 (5 millions subnets) ; 6 (6 millions subnets) ; 7 (7 millions subnets) ; 8 (8 millions subnets) ; 9 (9 millions subnets) ; 10 (10 millions subnets) ; 11 (11 millions subnets) ; 12 (12 millions subnets) ; 13 (13 millions subnets) ; 14 (14 millions subnets) ; 15 (15 millions subnets) ; 16 (16 millions subnets) ;
logupload Enable log upload select Send logs to ThreatSTOP Cloud (required for reporting). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip Syslog IP address text Allows the TSCM vm to receive syslog messages from other IP address than the address of the device. Optional
Regex (^\*$|^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*$)|^$
logsize Log file size (KB) text The log files will be rotated when they reach this size. Optional
Regex ^\d{1,4}$
updates Enable policy updates select Suspend policy updates when Disabled is selected (not recommended). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
proxy Log Upload Proxy text HTTP Proxy for log file upload (http://IP address:port) Optional
Regex ^http:\/\/[\w\.-_]+:\d+$|^$

Check Point / GAIA R80 (checkpoint_ctp)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the IP policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the TSCM. Required to access ThreatSTOP’s cloud services. Required
ip_address IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
device Internal IP Address text Enter the internal IP address of the device (Firepower Management Center IP) Required
note Note text Optional note about the devices Optional
logupload Enable log upload select Send logs to ThreatSTOP Cloud (required for reporting). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
syslogip Syslog IP address text Typically, logs will be sent over syslog by the device itself. If logs are sent by other IP address(es), add them here. Optional
Regex (^\*$|^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*$)|^$
blade Anti-Virus or Anti-Bot blade select Although you can have both blades activated only one can be set for the policy. Optional
Valid values: ab (Anti-Bot) ; av (Anti-Virus) ;
maxpolicysize Maximum Policy Size text Truncate the block list if it reaches the specified size. Optional
Regex ^\d{1,7}$|^$
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
updates Enable policy updates select Suspend policy updates when Disabled is selected (not recommended). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
logsize Log file size (KB) text The log files will be rotated when they reach this size. Optional
Regex ^\d{1,4}$
proxy Log Upload Proxy text HTTP Proxy for log file upload Optional
Regex ^http:\/\/[\w\.-_]+:\d+$|^$

Cisco / ASA (cisco_asa_ctp)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the IP policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the device Required
ip_address Public IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
dyndns_name Domain name text Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes. Optional
device Internal IP Address text Enter the internal IP address of the device. Used to manage ACLs over SSH. Required
note Note text Optional note about the devices Optional
security_assessment Security Assessment select Enable to enable custom log processing for Security Assessments Optional
Valid values: disabled (Disabled) ; enabled (Enabled) ;
object_group_block Object Group Name (Block List) text Required field. Name the Object Group used to store the policy on ASA device (blocked IP addresses). Required
Regex ^[-_.a-zA-Z0-9]+$
object_group_allow Object Group Name (Allow List) text Required field. Name the Object Group used to store the policy on ASA device (whitelisted IP addresses). Required
Regex ^[-_.a-zA-Z0-9]+$
logupload Enable log upload select Send logs to ThreatSTOP Cloud (required for reporting). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
maxpolicysize Maximum Policy Size text Truncate the block list if it reaches the specified size. Optional
Regex ^\d{1,7}$|^$
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip Syslog IP address text Allows the TSCM vm to receive syslog messages from other IP address than the address of the device. Optional
Regex (^\*$|^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*$)|^$
logsize Log file size (KB) text The log files will be rotated when they reach this size. Optional
Regex ^\d{1,4}$
updates Enable policy updates select Suspend policy updates when Disabled is selected (not recommended). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
custom_password_prompt Custom password prompt text Optional field. Password prompt if customized on the ASA device. Optional
Regex ^[a-zA-Z0-9\s\\W]+$|^$
additional_devices High-Availability IP addresses text If this device is part of a high-availability (HA) cluster, list the IP addresses of the HA devices (space-delimited) Optional
Regex (^\*$|^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*$)|^$
proxy Log Upload Proxy text HTTP Proxy for log file upload (http://IP address:port) Optional
Regex ^http:\/\/[\w\.-_]+:\d+$|^$

Cisco / ISR (cisco_isr_ctp)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the IP policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the device Required
ip_address IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
dyndns_name Domain name text Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes. Optional
device Internal IP Address text Enter the internal IP address of the device. Used to manage ACLs over SSH. Required
note Note text Optional note about the devices Optional
security_assessment Security Assessment select Enable to enable custom log processing for Security Assessments Optional
Valid values: disabled (Disabled) ; enabled (Enabled) ;
object_group_block Object Group Name (Block List) text Required field. Name the Object Group used to store policy on ISR device (blocked IPs). Required
Regex ^[-_.a-zA-Z0-9]+$
object_group_allow Object Group Name (Allow List) text Required field. Name the Object Group used to store policy on ISR device (whitelisted IPs). Required
Regex ^[-_.a-zA-Z0-9]+$
maxpolicysize Maximum Policy Size text Truncate the block list if it reaches the specified size. Optional
Regex ^\d{1,7}$|^$
logupload Enable log upload select Send logs to ThreatSTOP Cloud (required for reporting). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip Syslog IP address text Allows the TSCM vm to receive syslog messages from other IP address than the address of the device. Optional
Regex (^\*$|^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*$)|^$
updates Enable policy updates select Suspend policy updates when Disabled is selected (not recommended). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
logsize Log file size (KB) text The log files will be rotated when they reach this size. Optional
Regex ^\d{1,4}$
custom_password_prompt Custom password prompt text Optional field. Password prompt if customized on the ISR device. Optional
ssh_options Custom SSH Options text Optional field. SSH options used when connecting to ISR device. Optional
compress_config Compress configuration select Compress or uncompress configuration after policy updates Optional
Valid values: enabled (Compress) ; disabled (Uncompress) ;
proxy Log Upload Proxy text HTTP Proxy for log file upload (http://IP address:port) Optional
Regex ^http:\/\/[\w\.-_]+:\d+$|^$

Cisco / Firepower (firepower_ctp)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the IP policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the TSCM. Required to access ThreatSTOP’s cloud services. Required
ip_address IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
dyndns_name Domain name text Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes. Optional
device Internal IP Address text Enter the internal IP address of the device (Firepower Management Center IP) Required
note Note text Optional note about the devices Optional
logupload Enable log upload select Send logs to ThreatSTOP Cloud (required for reporting). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
syslogip Syslog IP address text List of every NGFW or ASA (Firepower Sensors) on which the ThreatSTOP policy is deployed Optional
Regex (^\*$|^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*$)|^$
maxpolicysize Maximum Policy Size text Truncate the block list if it reaches the specified size. Optional
Regex ^\d{1,7}$|^$
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
updates Enable policy updates select Suspend policy updates when Disabled is selected (not recommended). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
logsize Log file size (KB) text The log files will be rotated when they reach this size. Optional
Regex ^\d{1,4}$
proxy Log Upload Proxy text HTTP Proxy for log file upload (http://IP address:port) Optional
Regex ^http:\/\/[\w\.-_]+:\d+$|^$

Fortinet / Fortigate (fortinet_fortigate_ctp)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the IP policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the device Required
ip_address IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
dyndns_name Domain name text Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes. Optional
device Internal IP Address text Enter the internal IP address of the device. Used to manage ACLs over SSH. Required
note Note text Optional note about the devices Optional
security_assessment Security Assessment select Enable to enable custom log processing for Security Assessments Optional
Valid values: disabled (Disabled) ; enabled (Enabled) ;
trusted_interfaces Trusted Interface(s) text Required field. Comma-delimited list of trusted interfaces. Required
Regex ^\s*[^\s,]+(\s*,\s*[^\s,]+\s*)*$
untrusted_interfaces Untrusted Interface(s) text Required field. Comma-delimited list of untrusted interfaces. Required
Regex ^\s*[^\s,]+(\s*,\s*[^\s,]+\s*)*$
policy_prefix Policy name prefix text Required field (ASCII string) Required
Regex ^\w+$
maxpolicysize Maximum Policy Size text Truncate the block list if it reaches the specified size. Optional
Regex ^\d{1,7}$|^$
maxpolicygroupsize Maximum Policy Group Size text Maximum number of entries allowed in block or allow address groups. Optional
Regex ^\d{1,4}$|^$
setup_syslog Configure syslog select Automatic configuration of syslog on Fortigate device Optional
Valid values: yes (Yes) ; no (No) ;
vdom_support Enable VDOM support select Select yes if the Fortigate device runs with VDOM enabled Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
vdom VDOM name text If VDOM support is enabled, provide the name of the VDOM to use Optional
Regex ^\w+$|^$
logupload Enable log upload select Send logs to ThreatSTOP Cloud (required for reporting). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip Syslog IP address text Allows the TSCM vm to receive syslog messages from other IP address than the address of the device. Optional
Regex (^\*$|^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*$)|^$
updates Enable policy updates select Suspend policy updates when Disabled is selected (not recommended). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
logsize Log file size (KB) text The log files will be rotated when they reach this size. Optional
Regex ^\d{1,4}$
fw_address_visibility Rules visibility select Set visibility to No to hide the details of the policy in the Fortigate Web GUI Optional
Valid values: enabled (True) ; disabled (False) ;
proxy Log Upload Proxy text HTTP Proxy for log file upload (http://IP address:port) Optional
Regex ^http:\/\/[\w\.-_]+:\d+$|^$

ISC / BIND 9 (TSCM) (isc_bind9_ctp)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the DNS RPZ policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the device Required
ip_address IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
dyndns_name Domain name text Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes. Optional
note Note text Optional note about the devices Optional
bind_mode Bind Mode select Bind query operation mode. Recursion or Forwarder only Optional
Valid values: 1 (Recursion) ; 2 (Forwarder only) ;
forwarders DNS Forwarders text Space separated DNS server IP addresses used to forward upstream queries i.e. 192.168.1.1 10.0.0.1 Optional
Regex (^\*$|^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*$)|^$
bind_trusted_acl Bind Trusted ACL text Space separated list of IP / CIDR addresses allowed to query this DNS server i.e. 10.0.0.1 192.168.2.0/24 (special bind keywords: localnets any localhost) Optional
Regex ^(?:(?:any)|(?:localhost)|(?:localnets)|(?:(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*(?:\/\d{1,2})?))(?:\s+(?:(?:any)|(?:localhost)|(?:localnets)|(?:(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*(?:\/\d{1,2})?)))*\s*$
bind_port Bind Port text The Bind DNS TCP Port to be used. Any unused port 0-65535, except 5353. Optional
Regex ^(?!5353$)\d{1,5}$
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
logsize Log file size (KB) text The log files will be rotated when they reach this size. Optional
Regex ^\d{1,4}$
proxy Log Upload Proxy text HTTP Proxy for log file upload Optional
Regex ^http:\/\/[\w\.-_]+:\d+$|^$

Palo Alto Networks / PA series (panos_ctp)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the IP policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the device Required
ip_address IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
dyndns_name Domain name text Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes. Optional
device Internal IP Address text Enter the internal IP address of the device. Used to manage ACLs using the PAN-OS API. Required
note Note text Optional note about the devices Optional
security_assessment Security Assessment select Enable to enable custom log processing for Security Assessments Optional
Valid values: disabled (Disabled) ; enabled (Enabled) ;
trusted_zone Trusted Zone text Required field. Comma-separated list of zone names. Required
Regex ^[-_., a-zA-Z0-9]+$
untrusted_zone Untrusted Zone text Required field. Comma-separated list of zone names. Required
Regex ^[-_., a-zA-Z0-9]+$
max_dynamic_lists Maximum Dynamic Lists text Number of dynamic lists to use (2-9). Optional
Regex ^[23456789]$
vsys_name VSYS name text Optional field. Select if the PAN device is configured with virtual systems. Must be vsysXX, where XX is an integer. Optional
Regex ^vsys\d+$|^$
customer_syslog_profile Syslog Profile text Name of an existing syslog profile in which the TSCM will be added, or leave the field empty to create a new one. Optional
Regex ^(|[-_. a-zA-Z0-9]+)$
syslogip Syslog IP address (internal device IP address) text Allows the TSCM vm to receive syslog messages from other IP address than the address of the device. Required
logupload Enable log upload select Send logs to ThreatSTOP Cloud (required for reporting). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
block_action Block Action select Action to be taken for blocked traffic. Optional
Valid values: drop (Drop) ; deny (Deny) ;
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
syslogip Syslog IP address text Allows the TSCM vm to receive syslog messages from other IP address than the address of the device. Optional
Regex (^\*$|^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*$)|^$
updates Enable policy updates select Suspend policy updates when Disabled is selected (not recommended). Optional
Valid values: enabled (Enabled) ; disabled (Disabled) ;
logsize Log file size (KB) text The log files will be rotated when they reach this size. Optional
Regex ^\d{1,4}$
additional_devices High-Availability IP addresses text If this device is part of a high-availability (HA) cluster, list IP addresses of devices in cluster (space-delimited) Optional
Regex (^\*$|^(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3}(?:\s+(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})*$)|^$
proxy Log Upload Proxy text HTTP Proxy for log file upload (http://IP address:port) Optional
Regex ^http:\/\/[\w\.-_]+:\d+$|^$

Ubiquiti / EdgeRouter (ubiquiti_edge_ctp)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the IP policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the device Required
ip_address IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
dyndns_name Domain name text Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes. Optional
note Note text Optional note about the devices Optional
inbound_rule_name Inbound rule set name text Inbound firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only Required
Regex ^[\w\-\_\.]+$
outbound_rule_name Outbound rule set name text Outbound firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only Required
Regex ^[\w\-\_\.]+$
local_rule_name Local rule set name text Local firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only Required
Regex ^[\w\-\_\.]+$
rule_offset Rule set offset number text Rule offset is used to position our rules in the firewall rule set. Integer between 1-9999. * This setting used during initial install only Required
Regex ^\d{1,6}$|^[1-5]\d{1,6}$
interface Interface Name text Name of interface to apply firewall rules on (I.E. eth0, br0, bond1, etc…) * This setting used during initial install only Required
Regex ^[a-zA-Z]+\d{1,3}$
interface_type Interface Type select This is used during initial device configuration only Optional
Valid values: ethernet (ethernet) ; bridge (bridge) ; wireless (wireless) ; adsl (adsl) ; bonding (bonding) ; multilink (multilink) ;
prefix Prefix text Prefix for ipset rules, should be kept short for logging purposes. Required
mode Operation Mode select Router or Bridge modes supported. * This setting used during initial install only Optional
Valid values: r (Router) ; b (Bridge) ;
use_default_firewall_actions Default actions for firewall rules select It is highly recommended to have these default actions configured by selecting “yes” unless you are using a predefined firewall rule set, or know what you are doing. Default actions are : “DROP” for inbound traffic, “ACCEPT” for local & outbound traffic * This setting used during initial install only Optional
Regex ^y$|^n$
Valid values: y (Yes) ; n (No) ;
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
telemetry Telemetry select Optional
Valid values: enabled (enabled) ; disabled (disabled) ;
pppoe PPPOE instance number (0-99) text If you are using PPPOE and want to apply the firewall settings to it supply the PPPOE instance / unit number i.e. for “pppoe 1” type in 1. Leave empty if unused. Optional
Regex ^\d{1,2}$|^$
maxpolicysize Maximum Policy Size text Truncate the block list if it reaches the specified size. Optional
Regex ^[1-3]\d{1,5}$|^\d{1,6}$

Brocade / Vyatta v5400 (vyatta_ctp)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the IP policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the device Required
ip_address IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
dyndns_name Domain name text Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes. Optional
note Note text Optional note about the devices Optional
inbound_rule_name Inbound rule set name text Inbound firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only Required
Regex ^[\w\-\_\.]+$
outbound_rule_name Outbound rule set name text Outbound firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only Required
Regex ^[\w\-\_\.]+$
local_rule_name Local rule set name text Local firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only Required
Regex ^[\w\-\_\.]+$
rule_offset Rule set offset number text Rule offset is used to position our rules in the firewall rule set. Integer between 1-9999. * This setting used during initial install only Required
Regex ^\d{1,6}$|^[1-5]\d{1,6}$
interface Interface Name text Name of interface to apply firewall rules on (I.E. eth0, br0, bond1, etc…) * This setting used during initial install only Required
Regex ^[a-zA-Z]+\d{1,3}$
interface_type Interface Type select This is used during initial device configuration only Optional
Valid values: ethernet (ethernet) ; bridge (bridge) ; wireless (wireless) ; adsl (adsl) ; bonding (bonding) ; multilink (multilink) ;
prefix Prefix text Prefix for ipset rules, should be kept short for logging purposes. Required
mode Operation Mode select Router or Bridge modes supported. * This setting used during initial install only Optional
Valid values: r (Router) ; b (Bridge) ;
use_default_firewall_actions Default actions for firewall rules select It is highly recommended to have these default actions configured by selecting “yes” unless you are using a predefined firewall rule set, or know what you are doing. Default actions are : “DROP” for inbound traffic, “ACCEPT” for local & outbound traffic * This setting used during initial install only Optional
Regex ^y$|^n$
Valid values: y (Yes) ; n (No) ;
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
telemetry Telemetry select Optional
Valid values: enabled (enabled) ; disabled (disabled) ;
pppoe PPPOE instance number (0-99) text If you are using PPPOE and want to apply the firewall settings to it supply the PPPOE instance / unit number i.e. for “pppoe 1” type in 1. Leave empty if unused. Optional
Regex ^\d{1,2}$|^$
maxpolicysize Maximum Policy Size text Truncate the block list if it reaches the specified size. Optional
Regex ^[1-3]\d{1,5}$|^\d{1,6}$

VyOS / VyOS 1.x (vyos_1x_ctp)

Name Label Type Description Validation
device_nickname Nickname text Name this device entry Required
policy Policy select Select the IP policy that will be loaded on your device. Required
ip_type IP Type radio Select the type of the external IP address of the device Required
ip_address IP Address text Enter the public IP address of the device. Required to access ThreatSTOP’s cloud services. Optional
dyndns_name Domain name text Enter a FQDN for an A record pointed to the dynamic IP address of the device. The A record must be updated as the IP address changes. Optional
note Note text Optional note about the devices Optional
inbound_rule_name Inbound rule set name text Inbound firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only Required
Regex ^[\w\-\_\.]+$
outbound_rule_name Outbound rule set name text Outbound firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only Required
Regex ^[\w\-\_\.]+$
local_rule_name Local rule set name text Local firewall rule set name. If you use a pre-existing firewall rule set, make sure you set an unused rule offset number. * This setting used during initial install only Required
Regex ^[\w\-\_\.]+$
rule_offset Rule set offset number text Rule offset is used to position our rules in the firewall rule set. Integer between 1-9999. * This setting used during initial install only Required
Regex ^\d{1,6}$|^[1-5]\d{1,6}$
interface Interface Name text Name of interface to apply firewall rules on (I.E. eth0, br0, bond1, etc…) * This setting used during initial install only Required
Regex ^[a-zA-Z]+\d{1,3}$
interface_type Interface Type select This is used during initial device configuration only Optional
Valid values: ethernet (ethernet) ; bridge (bridge) ; wireless (wireless) ; adsl (adsl) ; bonding (bonding) ; multilink (multilink) ;
prefix Prefix text Prefix for ipset rules, should be kept short for logging purposes. Required
mode Operation Mode select Router or Bridge modes supported. * This setting used during initial install only Optional
Valid values: r (Router) ; b (Bridge) ;
use_default_firewall_actions Default actions for firewall rules select It is highly recommended to have these default actions configured by selecting “yes” unless you are using a predefined firewall rule set, or know what you are doing. Default actions are : “DROP” for inbound traffic, “ACCEPT” for local & outbound traffic * This setting used during initial install only Optional
Regex ^y$|^n$
Valid values: y (Yes) ; n (No) ;
port DNS Port select The TCP Port used to reach the ThreatSTOP DNS Servers. Optional
Valid values: 53 (TCP/53) ; 5353 (TCP/5353) ;
telemetry Telemetry select Optional
Valid values: enabled (enabled) ; disabled (disabled) ;
pppoe PPPOE instance number (0-99) text If you are using PPPOE and want to apply the firewall settings to it supply the PPPOE instance / unit number i.e. for “pppoe 1” type in 1. Leave empty if unused. Optional
Regex ^\d{1,2}$|^$
maxpolicysize Maximum Policy Size text Truncate the block list if it reaches the specified size. Optional
Regex ^[1-3]\d{1,5}$|^\d{1,6}$