Customer Networks Integration Guide#

Introduction#

The customer networks service is a database containing IP networks at a customer location. Along with IP addresses, it also contains a network description, and a number of different flags. Customer networks are used to document the customers infrastructure for SOC analysts, and affects the behaviour of Argus event analysis. For Argus Network Analyzer, the Customer Networks will also affect the analysis of network traffic

Tip

For more technical documentation of the endpoints, API models, and how to use them, visit the Swagger API documentation.

Concepts#

Customer network

Describes an IP network at a customer location. This can either a host address or a network range. In addition to the IP it also contains information such as zone, description, and flags.

Network comment

A plaintext comment on a network.

(un)verified networks

When a network is created a flag named UNVERIFIED is set if the request explicitly said to, or if the user does not have permission to verify the network. If the network is unverified, a mnemonic TAM will go over and manually verify it. A network is automatically verified if the verified field in the request is true, and the parent network is verified, or the network is RFC1918, or the user has the permission verifyCustomerNetwork.

Permissions#

Before any of the API endpoints can be used, the user needs to obtain an API key. See the general integration guide for details on how to obtain and use such a key. There are two role groups related to Customer Networks that may be assigned to an API key. Each with its own intended use case. It is recommended to use one of these instead of individually assigning permission functions.

NETWORK-MANAGER

This role contains permissions in order to create/update/delete/view customer networks and comments.

TAM

This role contains permissions to verify/unverify a network.