Reputation v2 Overrides
Overrides in Reputation define the scores of known IP/domain observations, overriding any calculated score. In essence, an override consists of a value and a score. The value serves as a lookup match for observations, and the score is applied to the observation if it matches the value.
Currently supported value types are IP (both IPv4 and IPv6) and domain (FQDN).
Each override belongs to an override list, and a user will require read access to the given override list to view the override, and write access when creating or modifying an override belonging to the list.
An override is only valid until a certain point in time and will be considered expired after this. It is possible to update this value to extend its lifetime.
IP overrides
An IP override value can be a single IPv4 or IPv6 address, which matches only that address, or a range of addresses, which matches every IP within the range. The range can be specified either with a dash (192.168.0.1-192.168.0.100) or using CIDR notation (192.168.0.0/24).
Domain overrides
A domain override applies to the given domain and, optionally, all of its subdomains. When looking for domain overrides for a given subdomain, the service will also look for any parent domains with the applyToSubdomains flag set.
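The matching rules from the two sections above, written out as an added example (this is not Argus code, and the service may implement lookups differently). It assumes the IP type string is "ip", reads validUntil as epoch milliseconds, and returns every matching override because the page does not say how several matches are ranked.

```python
import ipaddress
import time

def ip_matches(value, ip):
    """True if ip is covered by value: a single address, a dash range or a CIDR block."""
    addr = ipaddress.ip_address(ip)
    if "-" in value:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
        # Compare only within one address family; v4 and v6 are not ordered.
        return lo.version == hi.version == addr.version and lo <= addr <= hi
    if "/" in value:
        return addr in ipaddress.ip_network(value, strict=False)
    return addr == ipaddress.ip_address(value)

def domain_matches(override, fqdn):
    """Exact match, or parent match on a label boundary when applyToSubdomains is set."""
    name = fqdn.rstrip(".").lower()
    value = override["value"].rstrip(".").lower()
    if name == value:
        return True
    # "evilvg.no" must not match "vg.no": require the dot before the parent.
    return bool(override.get("applyToSubdomains")) and name.endswith("." + value)

def matching_overrides(overrides, kind, observation, now_ms=None):
    """Return every unexpired override of the given type that covers the observation."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    hits = []
    for o in overrides:
        if o["type"] != kind or o["validUntil"] < now_ms:
            continue  # wrong type, or expired
        if kind == "ip":
            matched = ip_matches(o["value"], observation)
        else:
            matched = domain_matches(o, observation)
        if matched:
            hits.append(o)
    return hits

# Constructed sample data; the "ip" type string and ms-epoch validUntil are assumptions.
SAMPLE = [
    {"type": "domain", "value": "vg.no", "score": 0.0, "validUntil": 1756802103000, "applyToSubdomains": True},
    {"type": "domain", "value": "example.org", "score": 0.8, "validUntil": 1756802103000, "applyToSubdomains": False},
    {"type": "ip", "value": "192.168.0.1-192.168.0.100", "score": 0.0, "validUntil": 1756802103000},
    {"type": "ip", "value": "192.168.0.0/24", "score": 0.5, "validUntil": 1756802103000},
]
NOW = 1750000000000  # constructed "current time", earlier than every validUntil above

if __name__ == "__main__":
    for kind, obs in (("ip", "192.168.0.50"), ("ip", "192.168.0.200"), ("domain", "www.vg.no"), ("domain", "evilvg.no")):
        print(obs, [o["value"] for o in matching_overrides(SAMPLE, kind, obs, NOW)])
```

The label-boundary check in domain_matches is the part worth reviewing before creating a low-score override with applyToSubdomains set: a plain suffix comparison would also cover unrelated names that merely end in the same characters.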
API endpoints
Full API spec can be found here: link
Example usage
Searching for overrides
There are two endpoints for searching for overrides: a simple search and an advanced search. The simple search supports only keywords, whereas the advanced search allows you to tailor the search to type-specific criteria. For instance, the advanced search can find overrides for both sub- and parent domains of a given domain, or find all overrides for an IP, taking into account both single-address overrides and the IP range overrides the IP falls within.
Visit the Swagger page for a full overview of search capabilities.
Create an override
curl -X POST 'https://api.mnemonic.no/reputation/v2/override' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Argus-API-Key: my/api/key' \
-d '{
"list": "myOverrideList",
"type": "domain",
"value": "vg.no",
"score": 0.0,
"validUntil": 1756802103000,
"reason": "VG is a respected news page in Norway.",
"applyToSubdomains": true
}'
Retrieve an override by its ID
curl -X GET 'https://api.mnemonic.no/reputation/v2/override/8ce13781-6835-4c42-84d3-be78671f1393' \
-H 'Content-Type: application/json' \
-H 'Argus-API-Key: my/api/key'
Update an override
curl -X PUT 'https://api.mnemonic.no/reputation/v2/override/8ce13781-6835-4c42-84d3-be78671f1393' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Argus-API-Key: my/api/key' \
-d '{
"score": 0.8,
"validUntil": 1757802103000,
"reason": "VG has been delivering malware."
}'
Delete an override
curl -X DELETE 'https://api.mnemonic.no/reputation/v2/override/8ce13781-6835-4c42-84d3-be78671f1393' \
-H 'Content-Type: application/json' \
-H 'Argus-API-Key: my/api/key'