Customer Networks Integration Guide#
Introduction#
The customer networks service is a database containing IP networks at a customer location. Along with IP addresses, it also contains a network description, and a number of different flags. Customer networks are used to document the customers infrastructure for SOC analysts, and affects the behaviour of Argus event analysis. For Argus Network Analyzer, the Customer Networks will also affect the analysis of network traffic
Tip
For more technical documentation of the endpoints, API models, and how to use them, visit the Swagger API documentation.
Concepts#
- Customer network
Describes an IP network at a customer location. This can either a host address or a network range. In addition to the IP it also contains information such as zone, description, and flags.
- Network comment
A plaintext comment on a network.
- (un)verified networks
When a network is created a flag named
UNVERIFIED
is set if the request explicitly said to, or if the user does not have permission to verify the network. If the network is unverified, a mnemonic TAM will go over and manually verify it. A network is automatically verified if the verified field in the request istrue
, and the parent network is verified, or the network is RFC1918, or the user has the permission verifyCustomerNetwork.
Permissions#
Before any of the API endpoints can be used, the user needs to obtain an API key. See the general integration guide for details on how to obtain and use such a key. There are two role groups related to Customer Networks that may be assigned to an API key. Each with its own intended use case. It is recommended to use one of these instead of individually assigning permission functions.
- NETWORK-MANAGER
This role contains permissions in order to create/update/delete/view customer networks and comments.
- TAM
This role contains permissions to verify/unverify a network.