Custom Sources : EDL Manager Support

You can add 3 types of Custom Sources.

Custom List Feed

A custom list feed is a URL that publishes data in the list format.

1.1.1.1
2.2.2.2
3.3.3.3

You need to input the URL and set the check interval. Please be mindful of the check interval and choose the value appropriately.

JSON feeds consist of multiple elements with no set structure. Every feed can be organized differently.

In order to filter a JSON feed, you can specify filter parameters

JSON Filter Target
- Input type: string
- Required
- This is the "Key" in the key, value pair where the value is the IP address(es) you want.
JSON Filter Target Parent
- Input type: string
- Optional
- This is the parent "Key" that that target is under
JSON Filter Target Sibling
- Input type: JSON
- Optional
- This can be 1 or more siblings of the target that also are under the parent
JSON Filter Target Parent Sibling
- Input type: JSON
- Optional
- This can be 1 or more siblings of the target's parent

Here is an example of filtering the Azure JSON feed.

In this case, in order to filter out all the Azure IP addresses that run the ActionGroup function, we need to specify 3 JSON filters

JSON Filter Target: addressPrefixes
JSON Filter Target Parent: properties
JSON Filter Target Parent Sibling: {"name": "ActionGroup"}
- Though it is not needed in this case, you can specify multiple sibling by using a filter such as this
  - {"name": "ActionGroup", "id": "ActionGroup"}

We do not need to specify the JSON Filter Target Sibling but it is indicated on the diagram so you know what it is.

When building JSON filters first ask yourself, what do I want? Then examine the JSON data to decide how specific you need your filters to be.

This is manual list of IP address, domains or URLs. It is what you want it to be.

Most frequently, manual sources are used to be able to create block or allow lists that are included in an EDL.