| Switch | Effect | Device |
|---|---|---|
| `--help` or `-?` | Displays the available help systems. This command may be used in several locations to load context-sensitive help (where available) relative to the commands and switches being used. | Core |
| `--version` | Displays the version of tsadmin being accessed. | Core |
| `--show <device name>` | Displays all information on record about the specified device, including the DNS server addresses. | Core |
| `--update <device name>` | Updates block and allow lists manually. | Core |
| `--remove <device name>` | Removes an unwanted device from the list of devices to configure. Logs associated with the device will be left behind and will need to be deleted if they are not wanted. | Core |
| `--list` | Displays a list of all devices currently being controlled by TSCM. The information shown for each device is described below this table. | Core |
| `--add <device name>` | Adds the specified device to the TSCM. This enters the device entry flow outlined in Adding a Device to the TSCM. | Core |
| `--configure <device name>` | Allows the specified device to be reconfigured after initial setup. More information about configuring a device may be found in TSCM Configuration. | Core |

`--list` specifies the following information about each device:

  • Type: The type of firewall associated with the device. This controls which TSCM module is used to interface with the device.
  • Management IP: The IP address used to issue commands to the router.
  • Syslog IP: The IP address used by the router to provide event messages (block messages) to the ThreatSTOP client. Used by the VM to configure Syslog, to provide the associated IPs with routers.
  • Log Upload IP: The IP address used to identify the log to ThreatSTOP. This must match what has been entered in the ThreatSTOP Portal.
  • Log size: The size the log is allowed to reach before being rotated out and scheduled for upload to ThreatSTOP for further analysis.
  • Device updates: Shows whether the device is set up to receive updates to the block and allow lists from ThreatSTOP.
  • Log uploads: Shows whether logs from this device will be gathered and uploaded to ThreatSTOP for analysis.

Configuration Switches

| Switch | Effect | Device |
|---|---|---|
| `--additional_devices` | If in HA mode, these are the additional IP(s) (quoted, space-separated). Default value: None | PANOS |
| `--allow_address_group` | Name of the address group for the allow lists. Default value: None | FortiGate |
| `--allow_list` | ThreatSTOP Allow List Name. Default value: dns.threatstop.local | Core |
| `--block_address_group` | Name of the address group for the block lists. Default value: None | FortiGate |
| `--block_list` | ThreatSTOP Block List Name. Default value: basic.threatstop.local | Core |
| `--custom_password_prompt` | Custom password prompt on the device. Default value: None | IOS |
| `--custom_username_prompt` | Custom username prompt on the device. | IOS |
| `--device` | Management IP address. Default value: None | Core |
| `--dns_server` | DNS server to use (use multiple times for more than one DNS server). Note: If no entry is provided, the addresses default to 192.124.129.0/26. | Core |
| `--enable_pw` | Enable password. Default value: None | Core |
| `--logsize` | Syslog file size in Kb before it is rotated. Default value: 100 | Core |
| `--logupload` | Enable log uploads. This has two valid statuses: enabled and disabled. | Core |
| `--loguploadip` | External IP address of device (can be determined by a visit to our Valid IP page). | Core |
| `--max_dynamic_lists` | Number of dynamic lists to use (2-9). Default value: None. Valid values: [2,3,4,5,6,7,8,9] | PANOS |
| `--maxpolicygroupsize` | Maximum number of entries allowed in block or allow address groups. Default value: None | FortiGate |
| `--maxpolicysize` | Maximum number of entries allowed in block or allow object groups. This value will need to be adjusted based on the model of networking device. For example, Cisco ASA models 5520 and higher will be OK with the default of 30000. However, other devices may have different sizes they can use. | Core |
| `--object_group_allow` | Name of the network object group for the allow lists. Default value: threatstop-allow | Core |
| `--object_group_block` | Name of the network object group for the block lists. Default value: threatstop-block | Core |
| `--password` | SSH password, the password used to access the command line on the firewall. | Core |
| `--port` | Port number to use for DNS queries. The default value is 53 and will not need to be changed in most cases. | Core |
| `--ssh_options` | Options to pass to SSH. Default value: None | IOS |
| `--syslogip` | IP address from which to capture device logs. | Core |
| `--trusted_zone` | The name of the trusted zone. Default value: None | PANOS |
| `--untrusted_zone` | The name of the untrusted zone. Default value: None | PANOS |
| `--updates` | Enable device policy updates. Determines whether updates downloaded from ThreatSTOP will be applied to the device. Two states are available: enabled or disabled. | Core |
| `--username` | SSH username. | Core |
| `--vdom` | Virtual domain name (case-sensitive). Default value: None | FortiGate |
| `--vdom_support` | Enable virtual domain support. Default value: None. Valid values: enabled, disabled | FortiGate |
| `--vsys_name` | Virtual system name (case-sensitive). Default value: None | PANOS |