iboss
LAST UPDATED: AUG 19, 2025
Overview
iboss is a cloud-based cybersecurity platform that provides secure web gateway services, helping organizations protect users from internet threats by controlling and monitoring web traffic. It supports advanced web filtering, threat protection, and data loss prevention across distributed networks.
D3 SOAR is providing REST operations to function with iboss.
iboss is available for use in:
Known Limitations
The iboss Zero Trust SSE API is not rate-limited but may throttle or block excessive or abusive request volumes.
Connection
To connect to iboss from D3 SOAR, follow this part to collect the required information below:
Parameter | Description | Example |
Username | The account name used to authenticate with the iboss API. | admin |
Password | The password associated with the provided username. | ***** |
Account ID | The unique identifier assigned to the iboss account. | ***** |
READER NOTE
The prerequisite for using this guide is:
An active iboss Zero Trust SSE account and administrative privileges to manage the platform.
An active subscription to the capabilities accessed via the API.
The platform must be on version 10.1 or above.
Configuring D3 SOAR to Work with iboss
Log in to D3 SOAR.
Find the iboss integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type iboss in the search box to find the integration, then click it to select it.
Click on the + Connection button on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to iboss.
Connection Name: The desired name for the connection.
Site: The site on which to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field is displayed when Share to Internal Sites is selected for the Site field, allowing selection of the internal site for deploying the integration connection.
Agent Name (Optional): The proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): The description for the connection.
Tenant (Optional): When configuring the connection from a master tenant site, users can choose the specific tenant sites with which to share the connection. Once this setting is enabled, users can filter and select the desired tenant sites from the dropdowns to share the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: The checkbox that enables the connection to be used when selected.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
1. Input the Username.
2. Input the Password.
3. Input the Account ID. Account ID can be obtained using the Get Primary Account ID command.
Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Refer to the password vault connection guide if needed.
Connection Health Check: Periodically checks the connection status by scheduling the Test Connection command at the specified interval (in minutes). Available only for active connections, this feature also allows configuring email notifications for failed attempts.
Test the connection.
Click on the Test Connection button to verify credentials and connectivity. A success alert displays Passed with a green checkmark. If the connection fails, review the parameters and retry.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
Commands
iboss includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command function, users can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the iboss API, refer to the iboss API reference.
READER NOTE
Certain permissions are required for each command. Refer to the Permission Requirements and Configuring iboss to Work with D3 SOAR sections for details.
The following commands require the Account ID to be provided in the connection form or in the command configuration:
Add URL to Allow List
Add URL to Block List
Get URLs From Allow List
Get URLs From Block List
Remove URL From Allow List
Remove URL From Block List
Account ID can be obtained using the Get Primary Account ID command.
Add URL to Allow List
Adds specified URLs to the organization’s allow list.
READER NOTE
Account ID is an optional parameter to run this command.
Run the Get Primary Account ID command to obtain the Account ID.
This parameter is required if the connection form does not specify an account ID.
Input
Input Parameter | Required/Optional | Description | Example |
URLs | Required | The URLs or domains to add to the allow list. |
JSON
|
Allow Keyword and Safe Search | Optional | Whether the rule expands to include search engine keywords and queries related to the specified URLs or domains while SafeSearch remains enabled. By default, the value is set to No. | No |
Direction | Optional | The traffic direction to which the rule applies. Available options are:
By default, the value is set to Inbound. | Inbound |
Start Port | Optional | The starting port number used with End Port to define a port range. Enter 0 to not specify a port range. | 0 |
End Port | Optional | The ending port number used with Start Port to define a port range. Enter 0 to not specify a port range. | 0 |
Global | Optional | Whether to apply the rule globally across all users and groups. By default, the value is set to No. | No |
Is Regex | Optional | Whether to interpret the URLs as a regular expression. By default, the value is set to No. | No |
Is Timed URL | Optional | Whether to designate the allowed URLs as temporary. By default, the value is set to No. | No |
Timed URL Expires In Minutes | Optional | Applicable only when Is Timed URL is set to Yes. The URLs remain allowed for the specified duration (in minutes). | 0 |
Note | Optional | An optional annotation for the rule. Notes can be useful for audit and management purposes. | Sample Note |
Priority | Optional | The precedence of this allow list entry when multiple entries target the same URLs or domains. Entries with a higher priority are prioritized. | 0 |
Weight | Optional | The integer value that determines the entry's order in both evaluation and display. | 0 |
Account ID | Optional | The Account ID used to run this command. This parameter is required if the connection omits the Account ID. Account ID can be obtained using the Get Primary Account ID command. | ***** |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Add URL to Allow List failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the iboss portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Add URL to Allow List failed. Status Code: 401. Message: Unauthorized. |
Add URL to Block List
Adds specified URLs to the organization’s block list.
READER NOTE
Account ID is an optional parameter to run this command.
Run the Get Primary Account ID command to obtain the Account ID.
This parameter is required if the connection form does not specify an account ID.
Input
Input Parameter | Required/Optional | Description | Example |
URLs | Required | The URLs or domains to add to the block list. |
JSON
|
Allow Keyword And Safe Search | Optional | Whether the rule expands to include search engine keywords and queries related to the specified URLs or domains while SafeSearch remains enabled. By default, the value is set to No. | No |
Direction | Optional | The traffic direction to which the rule applies. Available options are:
By default, the value is set to Inbound. | Inbound |
Start Port | Optional | The starting port number used with End Port to define a port range. Enter 0 to not specify a port range. | 0 |
End Port | Optional | The ending port number used with Start Port to define a port range. Enter 0 to not specify a port range. | 0 |
Global | Optional | Whether to apply the rule globally across all users and groups. By default, the value is set to No. | No |
Is Regex | Optional | Whether to interpret the URLs as a regular expression. By default, the value is set to No. | No |
Is Timed URL | Optional | Whether to designate the blocked URLs as temporary. By default, the value is set to No. | No |
Timed URL Expires In Minutes | Optional | Applicable only when Is Timed URL is set to Yes. The URLs remain blocked for the specified duration (in minutes). | 0 |
Note | Optional | An optional annotation for the rule. Notes can be useful for audit and management purposes. | Sample Note |
Priority | Optional | The precedence of this block list entry when multiple entries target the same URLs or domains. Entries with a higher priority are prioritized. | 0 |
Weight | Optional | The integer value that determines the entry's order in both evaluation and display. | 0 |
Account ID | Optional | The Account ID used to run this command. This parameter is required if the connection omits the Account ID. Account ID can be obtained using the Get Primary Account ID command. | ***** |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Add URL to Block List failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the iboss portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Add URL to Block List failed. Status Code: 401. Message: Unauthorized. |
Get Primary Account ID
Retrieves the unique identifier (Account ID) of the primary account associated with the current session or organization.
Input
N/A
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Primary Account ID failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the iboss portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Get Primary Account ID failed. Status Code: 401. Message: Unauthorized. |
Get URLs From Allow List
Retrieves URLs from the organization's allow list.
READER NOTE
Account ID is an optional parameter to run this command.
Run the Get Primary Account ID command to obtain the Account ID.
This parameter is required if the connection form does not specify an account ID.
Input
Input Parameter | Required/Optional | Description | Example |
Account ID | Optional | The Account ID used to run this command. This parameter is required if the connection omits the Account ID. Account ID can be obtained using the Get Primary Account ID command. | ***** |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get URLs From Allow List failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the iboss portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Get URLs From Allow List failed. Status Code: 401. Message: Unauthorized. |
Get URLs From Block List
Retrieves URLs from the organization's block list.
READER NOTE
Account ID is an optional parameter to run this command.
Run the Get Primary Account ID command to obtain the Account ID.
This parameter is required if the connection form does not specify an account ID.
Input
Input Parameter | Required/Optional | Description | Example |
Account ID | Optional | The Account ID used to run this command. This parameter is required if the connection omits the Account ID. Account ID can be obtained using the Get Primary Account ID command. | ***** |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get URLs From Block List failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the iboss portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Get URLs From Block List failed. Status Code: 401. Message: Unauthorized. |
Remove URL From Allow List
Removes specified URLs from the allow list for the given account.
READER NOTE
URLs is a required parameter to run this command.
Run the Get URL From Allow List command to obtain the URLs. URLs can be found in the raw data at $.entries[*].url.
Account ID is an optional parameter to run this command.
Run the Get Primary Account ID command to obtain the Account ID.
This parameter is required if the connection form does not specify an account ID.
Input
Input Parameter | Required/Optional | Description | Example |
URLs | Required | The URLs or domains to remove from the allow list. URLs or domains can be obtained using the Get URL From Allow List command. |
JSON
|
Account ID | Optional | The Account ID used to run this command. This parameter is required if the connection omits the Account ID. Account ID can be obtained using the Get Primary Account ID command. | ***** |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Remove URL From Allow List failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the iboss portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Remove URL From Allow List failed. Status Code: 401. Message: Unauthorized. |
Remove URL From Block List
Removes specified URLs from the block list for the given account.
READER NOTE
URLs is a required parameter to run this command.
Run the Get URL From Block List command to obtain the URLs. URLs can be found in the raw data at $.entries[*].url.
Account ID is an optional parameter to run this command.
Run the Get Primary Account ID command to obtain the Account ID.
This parameter is required if the connection form does not specify an account ID.
Input
Input Parameter | Required/Optional | Description | Example |
URLs | Required | The URLs or domains to remove from the block list. URLs or domains can be obtained using the Get URL From Block List command. |
JSON
|
Account ID | Optional | The Account ID used to run this command. This parameter is required if the connection omits the Account ID. Account ID can be obtained using the Get Primary Account ID command. | ***** |
Output
To view the sample output data for all commands, refer to this article.
Error Handling
If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Remove URL From Block List failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the iboss portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Remove URL From Block List failed. Status Code: 401. Message: Unauthorized. |
Test Connection
Allows users to perform a health check on an integration connection. Users can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
Input
N/A
Output
Output Type | Description | Return Data Type |
Return Data | Indicates one of the possible command execution states: Successful or Failed. The Failed state can be triggered by any of the following errors:
More details about an error can be viewed in the Error tab. | String |
Error Handling
If the Return Data displays Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. Failed to check the connector. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the iboss portal. Refer to the HTTP Status Code Registry for details. | Status Code: 401. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Unauthorized. |
Error Sample Data Test Connection failed. Failed to check the connector. Status Code: 401. Message: You must have a valid Support account to call this API |