> ## Documentation Index > Fetch the complete documentation index at: https://docs.onefirewall.com/llms.txt > Use this file to discover all available pages before exploring further. # Create WCF Agent > Creates a new WCF Agent with specified configuration for threat detection and IP blocking across multiple security platforms ## OpenAPI ````yaml post /agents openapi: 3.0.2 info: title: OneFirewall Alliance - OpenAPI 3.0 description: >- The API documentation site serves as a comprehensive resource for developers looking to utilize the OneFirewall Platform's application programming interface (API). It offers in-depth information on API endpoints, parameters, responses, and authentication processes. Additionally, it features practical examples and code snippets to assist developers in integrating the API into their own applications. The website is crafted to be user-friendly, intuitive, and easily navigable, enabling developers to swiftly locate the necessary information to begin working with the API. termsOfService: https://onefirewall.com/eula.html contact: email: support@onefirewall.com url: https://onefirewall.com/contact.html name: Engineering Division license: name: '' url: '' version: V4.18.0 servers: - url: https://app.onefirewall.com/api/v1 description: OneFirewall Server variables: {} security: [] tags: - name: IPv4 Feeds description: '' externalDocs: description: '' url: '' - name: IoCs description: '' externalDocs: description: '' url: '' - name: Tools description: '' externalDocs: description: '' url: '' - name: URL Feeds description: '' externalDocs: description: '' url: '' - name: Domain Feeds description: '' externalDocs: description: '' url: '' - name: Security Binary Feeds description: '' externalDocs: description: '' url: '' - name: Secure VPN description: Secure VPN by OneFirewall externalDocs: description: '' url: '' - name: WCF Agent description: '' externalDocs: description: '' url: '' externalDocs: description: http://docs.onefirewall.com url: http://app.onefirewall.com paths: /agents: post: tags: - WCF Agents summary: Create WCF Agent description: >- Creates a new WCF Agent with specified configuration for threat detection and IP blocking across multiple security platforms operationId: createWCFAgent requestBody: required: true content: application/json: schema: type: object required: - gaid - ts - score_threshold - start_from - version - proxy - sync_time - maximum_rules properties: gaid: type: string description: >- Global Agent ID - unique identifier for the agent starting with `OFA-AGENT-ID-` followed by a unique string of alphanumeric characters. Later on used used as `agid` example: OFA-AGENT-ID-6QMRfdQp3G0Skkkkkkkk ts: type: integer format: int64 description: Timestamp in milliseconds example: 1753828861732 score_threshold: type: integer description: Minimum threat score threshold for triggering actions minimum: 0 maximum: 1000 example: 150 start_from: type: integer description: Starting index for processing minimum: 0 example: 0 version: type: string description: Agent version example: v4.60.4 proxy: type: string enum: - CLOUD - LOCAL description: Proxy mode configuration example: CLOUD sync_time: type: integer description: Synchronization interval in minutes minimum: 1 example: 1 maximum_rules: type: integer description: Maximum number of rules to process example: 99999998 api_url: type: string format: uri description: Primary API endpoint for IPv4 operations example: http://127.0.0.1:8081/api/v1/ipv4 api_url_bulk: type: string format: uri description: Bulk API endpoint for IP operations example: http://127.0.0.1:8081/api/v2/ips api_url_feedback: type: string format: uri description: Feedback API endpoint example: http://127.0.0.1:8081/api/v1/feedback auth_name: type: string description: Authentication header name example: Authorization api_jwt_key: type: string nullable: true description: JWT key for API authentication ids: type: object description: Configuration for various Intrusion Detection Systems properties: iptables: type: object properties: active: type: boolean ebtables: type: object properties: active: type: boolean pflist: type: object properties: active: type: boolean modsec: type: object properties: active: type: boolean modsec_logs: type: string description: Path to ModSecurity audit logs example: /var/log/apache2/modsec_audit.log cloudflare: type: object properties: active: type: boolean cloudflare_x_auth_email: type: string description: Cloudflare authentication email cloudflare_x_auth_key: type: string description: Cloudflare authentication key luna: type: object properties: active: type: boolean json: type: array items: {} description: Luna configuration JSON array sshlog: type: object properties: active: type: boolean ssh_log_location: type: string description: Path to SSH log files example: /var/log/auth.log ips: type: object description: Configuration for various IP Protection Systems properties: httpd: type: object properties: active: type: boolean command: type: string description: Command to execute for HTTP daemon blacklist updates example: cp blacklist_onefirewall.txt httpd/blacklist.txt iptables: type: object properties: active: type: boolean acl: type: string description: Path to ACL file example: /opt/onefirewall/acl/ipset.txt reload_command: type: string description: Command to reload iptables rules example: >- sudo ipset flush blacklist && sudo ipset restore < /opt/onefirewall/acl/ipset.txt checkpoint: type: object properties: active: type: boolean username: type: string description: Checkpoint username example: admin password: type: string description: Checkpoint password address: type: string format: uri description: Checkpoint management server address example: https://10.47.2.48 group: type: string description: Checkpoint security group example: OneFirewall_IPS policy: type: string description: Security policy name example: standard domain: type: string description: Checkpoint domain example: Test_domain_Server gateways: type: string description: Gateway configuration example: Test_gw checkpoint_securexl: type: object properties: active: type: boolean connections: type: string description: SSH connection string example: ofa@192.168.1.40 password: type: string description: Connection password example: admin1 command: type: string description: Command to execute remotely example: bash artifacts/checkpoint/install-securexl.sh vsids: type: string description: Virtual system IDs example: 1,2 fortigate: type: object properties: active: type: boolean connections: type: string description: SSH connection string example: ofa@192.168.1.40 password: type: string description: Connection password example: admin1 command: type: string description: Command to execute example: >- bash artifacts/fortigate/install-fortigate-url-feed.sh feeds: type: string description: Feed endpoint example: /api/v1/feeds updates: type: string description: Update interval example: '5' csp: type: object properties: active: type: boolean connections: type: string description: SSH connection string example: ofa@192.168.1.40 password: type: string description: Connection password example: admin1 command: type: string description: Command to execute example: bash artifacts/csp.sh feeds: type: string description: Feed file name example: onefirewall.txt updates: type: string description: Update interval example: '5' ebtables: type: object properties: active: type: boolean pflist: type: object properties: active: type: boolean ofa_ips_txt: type: string description: Path to OneFirewall IPs text file example: /opt/apps/onefirewall-cloud-client/ofa-ips.txt pflist_reload_command: type: string description: Command to reload PF configuration example: sudo pfctl -f /etc/pf.conf; modsec: type: object properties: active: type: boolean ruleset: type: string description: Path to ModSecurity ruleset example: >- /usr/share/modsecurity-crs/rules/onefirewall_rules.conf modsec_reload_command: type: string description: Command to reload ModSecurity example: sudo apachectl -k graceful; cloudflare: type: object properties: active: type: boolean cloudflare_x_auth_email: type: string description: Cloudflare authentication email cloudflare_x_auth_key: type: string description: Cloudflare authentication key cisco: type: object properties: active: type: boolean cisco_host: type: string description: Cisco device hostname or IP cisco_user: type: string description: Cisco device username cisco_password: type: string description: Cisco device password haproxy: type: object properties: active: type: boolean haproxy_logs: type: string description: Path to HAProxy logs example: /opt/onefirewall/acl/haproxy.txt haproxy_reload_command: type: string description: Command to reload HAProxy example: sudo service haproxy reload csv: type: object properties: active: type: boolean csv_logs: type: string description: Path to CSV logs example: /opt/onefirewall/feeds.csv csv_reload_command: type: string description: Command to process CSV example: wc /opt/onefirewall/feeds.csv aws: type: object properties: active: type: boolean accessKeyId: type: string description: AWS Access Key ID secretAccessKey: type: string description: AWS Secret Access Key region: type: string description: AWS region sophos: type: object properties: active: type: boolean user: type: string description: Sophos username password: type: string description: Sophos password address: type: string description: Sophos device address command: type: string description: Command to execute example: bash artifacts/sophos/update_blacklist_sophos.sh trellix: type: object properties: active: type: boolean username: type: string description: Trellix username password: type: string description: Trellix password api: type: string description: Trellix API endpoint fileslist_file: type: string description: Path to files list file broker_ca_bundle: type: string description: Path to broker CA bundle cert_file: type: string description: Path to certificate file private_key: type: string description: Path to private key file infoblox: type: object properties: active: type: boolean username: type: string description: Infoblox username password: type: string description: Infoblox password api: type: string description: Infoblox API endpoint group: type: string description: Infoblox group policy: type: string description: Infoblox policy action: type: string description: Infoblox action view: type: string description: Infoblox view domains_file: type: string description: Path to domains file domains_file_whitelist: type: string description: Path to domains whitelist file api_whitelist_url: type: string description: API whitelist URL forcepoint: type: object properties: active: type: boolean username: type: string description: Forcepoint username password: type: string description: Forcepoint password api: type: string description: Forcepoint API endpoint group: type: string description: Forcepoint group policy: type: string description: Forcepoint policy action: type: string description: Forcepoint action parent: type: string nullable: true description: Parent configuration urls_file: type: string description: Path to URLs file responses: '201': description: WCF Agent created successfully content: application/json: schema: type: object properties: success: type: boolean example: true message: type: string example: WCF Agent created successfully agent_id: type: string example: OFA-AGENT-ID-6QMRfdQp3G0Skkkkkkkk '400': description: Bad request - Invalid agent configuration content: application/json: schema: type: object properties: error: type: string example: Invalid configuration parameters details: type: array items: type: string example: - score_threshold must be between 0 and 1000 - gaid is required '401': description: Unauthorized - Invalid authentication content: application/json: schema: type: object properties: error: type: string example: Invalid or missing authentication token '500': description: Internal server error content: application/json: schema: type: object properties: error: type: string example: Internal server error occurred ````