F5 blocked IP address expiration without the use of the F5 table irule command ?
I was reading about Palo Alto XSOAR and I saw that for silverline you can add an ip address using the REST-API that has timeout, so the IP address will be blocked just for some time and seems great but I was wondering how this was done ? Maybe the silverline uploads the ip address to a custom ip intelligence category and there is an external script/automation that removes it after the configured by the user time or something else and it i good to know if the same can be done for the on-prem F5 devices using REST-API and not the F5 irule table command and maybe the sideband command (https://community.f5.com/t5/technical-articles/populating-tables-with-csv-data-via-sideband-connections/ta-p/277376).
Please share if you know.
The Palo Alto XSOAR example:
I have renembered this topic as now I have played with new F5 BIG-IP versions an IP address can manually be added to a category with a TTL using the GUI or REST API so it seems that just Silverline software as a SaaS solution was just having the latest F5 features like the new TMOS versions.
Name Type Default Value Required Access Description
string required read/write The IP,TTL entries to be added or removed. The format is <IP,TTL IP,TTL …>, with the TTL being optional. For example: <22.214.171.124,100 126.96.36.199 fe::fc,200, 188.8.131.52,infinite>.
string required read/write The name of the category.