{ "name": "DXL_Network_Events", "version": "3.0", "type": "DXL_EVENT", "event_type": [ "NETWORK_IPV4", "NETWORK_IPV6" ], "vendor_identifier": "McAfee", "quoting": "ASIS", "instance_variables": [ { "name": "DXL_MessageFormat", "type": "STRING" }, { "name": "OPERATION_TYPES", "type": "STRING", "value": "insert/modify/delete" } ], "steps": [ { "name": "Debug#0", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "set time vars", "operation": "NOP", "body_list": [ "${XC:COPY:{L:New_Time}:{E:timestamp}}${XC:FORMAT:TRUNCATE:{L:New_Time}:{16t}}" ] }, { "name": "Set Old_Time", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${E:A:values{extattrs}{DXL_LastEventSentAt}{value}}", "op": "==", "right": "" } ], "eval": "${XC:ASSIGN:{L:Old_Time}:{S:}}", "else_eval": "${XC:COPY:{L:Old_Time}:{E:values{extattrs}{DXL_LastEventSentAt}{value}}}}${XC:FORMAT:TRUNCATE:{L:Old_Time}:{16t}}" } }, { "name": "Debug#1", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "STOP if modified in the last second", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${L:A:New_Time}", "op": "==", "right": "${L:A:Old_Time}" } ], "stop": true } }, { "name": "Debug#2", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "STOP if sync not requested", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${E:A:values{extattrs}{DXL_Sync}{value}}", "op": "==", "right": "" }, { "left": "${E:A:values{extattrs}{DXL_Sync}{value}}", "op": "==", "right": "false" } ], "stop": true } }, { "name": "init_internal_data", "operation": "VARIABLEOP", "variable_ops": [ { "operation": "ASSIGN", "type": "DICTIONARY", "destination": "L:internal", "keys": [ "analyzer_ipv4", "analyzer_ipv6", "source_ipv4", "source_ipv6", "target_ipv4", "target_ipv6", "severity" ], "values": [ "", "", "", "", "", "", "7" ] } ] }, { "name": "check what operation types are allowed", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${I::OPERATION_TYPES}", "op": "!~", "right": "((?i).*${E::operation_type}.*)" } ], "next": "Fin" } }, { "name": "is_analyzer_source_Network_ipv4", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E::object_type}", "op": "==", "right": "Network" }, { "left": "${E::values{network}}", "op": "!~", "right": ":" } ], "condition_type": "AND", "eval": "${XC:COPY:{L:internal{analyzer_ipv4}}:{E:member_ip}}${XC:COPY:{L:internal{source_ipv4}}:{E:member_ip}}${XC:ASSIGN:{L:IPv}:{I:4}}", "else_eval": "${XC:COPY:{L:internal{analyzer_ipv6}}:{E:member_ip}}${XC:COPY:{L:internal{source_ipv6}}:{E:member_ip}}${XC:ASSIGN:{L:IPv}:{I:6}}" } }, { "name": "check if Network IPv4 to assign target_ipv4", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E::event_type}", "op": "==", "right": "NETWORK_IPV4" } ], "condition_type": "AND", "eval": "${XC:COPY:{L:internal{target_ipv4}}:{E:values{network}}}", "next": "is_severity_7" } }, { "name": "check if Network IPv6 to assign target_ipv6", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E::event_type}", "op": "==", "right": "NETWORK_IPV6" } ], "condition_type": "AND", "eval": "${XC:COPY:{L:internal{target_ipv6}}:{E:values{network}}}" } }, { "name": "is_severity_7", "operation": "CONDITION", "condition": { "statements": [ { "left": "1", "op": "==", "right": "1" } ], "condition_type": "AND", "eval": "${XC:ASSIGN:{L:internal{severity}}:{I:7}}" } }, { "name": "check if network to assign values", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E::object_type}", "op": "==", "right": "Network" }, { "left": "${E::object_type}", "op": "==", "right": "IPv6Network" } ], "condition_type": "OR", "eval": "${XC:COPY:{L:ruleName}:{E:member_name}}${XC:FORMAT:TRUNCATE:{L:ruleName}:{-128f}}${XC:COPY:{L:threatName}:{E:values{_ref}}}${XC:FORMAT:TRUNCATE:{L:threatName}:{-128f}}${XC:COPY:{L:DetectedUTC}:{E:timestamp}}${XC:ASSIGN:{L:Obj_ref}:{S:}}${XC:ASSIGN:{L:network_view}:{S:default}}${XC:COPY:{L:Object_type}:{E:object_type}}${XC:ASSIGN:{L:threatActionTaken}:{S:Alert}}${XC:ASSIGN:{L:threatHandled}:{I:1}}${XC:COPY:{L:operation_type}:{E:operation_type}}" } }, { "name": "check GUID", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${E:A:values{extattrs}{ePO_GUID}{value}}", "op": "==", "right": "" } ], "eval": "${XC:COPY:{L:GUID}:{UT:UUID}}${XC:ASSIGN:{L:GUIDtype}:{S:generated}}", "else_eval": "${XC:COPY:{L:GUID}:{E:values{extattrs}{ePO_GUID}{value}}}${XC:ASSIGN:{L:GUIDtype}:{S:local}}" } }, { "name": "jump if have GUID or no WAPI credentials or is delete", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${L:A:GUIDtype}", "op": "==", "right": "local" }, { "left": "${UT:A:WAPIUSERNAME}", "op": "==", "right": "" }, { "left": "${E:A:operation_type}", "op": "==", "right": "DELETE" } ], "next": "Check if operation type was delete to avoid errors" } }, { "name": "Check if operation type was delete to avoid errors", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${E:A:operation_type}", "op": "==", "right": "DELETE" } ], "next": "check DXL_MessageFormat_Delete" } }, { "name": "check ipv4 to updated sync and time stamp", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${E::values{network}}", "op": "=~", "right": ":" } ], "next": "updated ipv6 time stamp" } }, { "name": "Get Network_IPv4 extattrs", "operation": "GET", "transport": { "path": "network?network=${E::values{network}}&_return_fields=extattrs" }, "wapi": "v2.7" }, { "name": "updated ipv4 time stamp", "operation": "PUT", "transport": { "path": "${E:A:values{_ref}}" }, "wapi": "v2.7", "wapi_quoting": "JSON", "body_list": [ "{\"extattrs+\":{\"ePO_GUID\": { \"value\": \"${L:A:GUID}\"},\"DXL_LastEventSentAt\": { \"value\": \"${E:A:timestamp}\"}}}" ] }, { "name": "skip updating ipv6", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "GET Network IPv4 data" } }, { "name": "Get Network_IPv6 extattrs", "operation": "GET", "transport": { "path": "ipv6network?network=${E::values{network}}&_return_fields=extattrs" }, "wapi": "v2.7" }, { "name": "updated ipv6 time stamp", "operation": "PUT", "transport": { "path": "${E:A:values{_ref}}" }, "wapi": "v2.7", "wapi_quoting": "JSON", "body_list": [ "{\"extattrs+\":{\"ePO_GUID\": { \"value\": \"${L:A:GUID}\"},\"DXL_LastEventSentAt\": { \"value\": \"${E:A:timestamp}\"}}}" ] }, { "name": "Check if network ipv6", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${E::event_type}", "op": "==", "right": "NETWORK_IPV6" } ], "next": "GET Network IPv6 data" } }, { "name": "GET Network IPv4 data", "operation": "GET", "transport": { "path": "network?network=${E::values{network}}&_return_fields=authority,comment,conflict_count,ddns_generate_hostname,ddns_server_always_updates,ddns_ttl,ddns_update_fixed_addresses,ddns_use_option81,deny_bootp,dhcp_utilization,dhcp_utilization_status,disable,dynamic_hosts,email_list,enable_ddns,enable_dhcp_thresholds,enable_discovery,enable_ifmap_publishing,enable_pxe_lease_time,extattrs,high_water_mark,high_water_mark_reset,ignore_dhcp_option_list_request,ignore_id,ignore_mac_addresses,ipam_email_addresses,ipam_threshold_settings,ipam_trap_settings,ipv4addr,lease_scavenge_time,logic_filter_rules,low_water_mark,low_water_mark_reset,members,mgm_private,mgm_private_overridable,netmask,network,network_container,network_view,options,port_control_blackout_setting,recycle_leases,rir,rir_registration_status,same_port_control_discovery_blackout,static_hosts,subscribe_settings,total_hosts,unmanaged,update_dns_on_lease_renewal,utilization,utilization_update,zone_associations" }, "wapi": "v2.7" }, { "name": "Debug#45", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "set Network IPv4 vars", "operation": "NOP", "body_list": [ "${XC:COPY:{L:authority}:{P:PARSE[0]{authority}}}", "${XC:COPY:{L:conflict_count}:{P:PARSE[0]{conflict_count}}}", "${XC:COPY:{L:ddns_generate_hostname}:{P:PARSE[0]{ddns_generate_hostname}}}", "${XC:COPY:{L:ddns_server_always_updates}:{P:PARSE[0]{ddns_server_always_updates}}}", "${XC:COPY:{L:ddns_ttl}:{P:PARSE[0]{ddns_ttl}}}", "${XC:COPY:{L:ddns_update_fixed_addresses}:{P:PARSE[0]{ddns_update_fixed_addresses}}}", "${XC:COPY:{L:ddns_use_option81}:{P:PARSE[0]{ddns_use_option81}}}", "${XC:COPY:{L:deny_bootp}:{P:PARSE[0]{deny_bootp}}}", "${XC:COPY:{L:dhcp_utilization}:{P:PARSE[0]{dhcp_utilization}}}", "${XC:COPY:{L:dhcp_utilization_status}:{P:PARSE[0]{dhcp_utilization_status}}}", "${XC:COPY:{L:disable}:{P:PARSE[0]{disable}}}", "${XC:COPY:{L:dynamic_hosts}:{P:PARSE[0]{dynamic_hosts}}}", "${XC:COPY:{L:email_list}:{P:PARSE[0]{email_list}}}", "${XC:COPY:{L:enable_ddns}:{P:PARSE[0]{enable_ddns}}}", "${XC:COPY:{L:enable_dhcp_thresholds}:{P:PARSE[0]{enable_dhcp_thresholds}}}", "${XC:COPY:{L:enable_discovery}:{P:PARSE[0]{enable_discovery}}}", "${XC:COPY:{L:enable_ifmap_publishing}:{P:PARSE[0]{enable_ifmap_publishing}}}", "${XC:COPY:{L:enable_pxe_lease_time}:{P:PARSE[0]{enable_pxe_lease_time}}}", "${XC:COPY:{L:extattrs}:{P:PARSE[0]{extattrs}{ePO_GUID}{value}}}", "${XC:COPY:{L:high_water_mark}:{P:PARSE[0]{high_water_mark}}}", "${XC:COPY:{L:high_water_mark_reset}:{P:PARSE[0]{high_water_mark_reset}}}", "${XC:COPY:{L:ignore_dhcp_option_list_request}:{P:PARSE[0]{ignore_dhcp_option_list_request}}}", "${XC:COPY:{L:ignore_id}:{P:PARSE[0]{ignore_id}}}", "${XC:COPY:{L:ignore_mac_addresses}:{P:PARSE[0]{ignore_mac_addresses}}}", "${XC:COPY:{L:ipam_email_addresses}:{P:PARSE[0]{ipam_email_addresses}}}", "${XC:COPY:{L:ipam_threshold_settings}:{P:PARSE[0]{ipam_threshold_settings}}}", "${XC:COPY:{L:ipam_trap_settings}:{P:PARSE[0]{ipam_trap_settings}}}", "${XC:COPY:{L:ipv4addr}:{P:PARSE[0]{ipv4addr}}}", "${XC:COPY:{L:lease_scavenge_time}:{P:PARSE[0]{lease_scavenge_time}}}", "${XC:COPY:{L:logic_filter_rules}:{P:PARSE[0]{logic_filter_rules}}}", "${XC:COPY:{L:low_water_mark}:{P:PARSE[0]{low_water_mark}}}", "${XC:COPY:{L:low_water_mark_reset}:{P:PARSE[0]{low_water_mark_reset}}}", "${XC:COPY:{L:members}:{P:PARSE[0]{members}}}", "${XC:COPY:{L:mgm_private}:{P:PARSE[0]{mgm_private}}}", "${XC:COPY:{L:mgm_private_overridable}:{P:PARSE[0]{mgm_private_overridable}}}", "${XC:COPY:{L:netmask}:{P:PARSE[0]{netmask}}}", "${XC:COPY:{L:network}:{P:PARSE[0]{network}}}", "${XC:COPY:{L:network_container}:{P:PARSE[0]{network_container}}}", "${XC:COPY:{L:network_view}:{P:PARSE[0]{network_view}}}", "${XC:COPY:{L:options}:{P:PARSE[0]{options}}}", "${XC:COPY:{L:port_control_blackout_setting}:{P:PARSE[0]{port_control_blackout_setting}}}", "${XC:COPY:{L:recycle_leases}:{P:PARSE[0]{recycle_leases}}}", "${XC:COPY:{L:rir}:{P:PARSE[0]{rir}}}", "${XC:COPY:{L:rir_registration_status}:{P:PARSE[0]{rir_registration_status}}}", "${XC:COPY:{L:same_port_control_discovery_blackout}:{P:PARSE[0]{same_port_control_discovery_blackout}}}", "${XC:COPY:{L:static_hosts}:{P:PARSE[0]{static_hosts}}}", "${XC:COPY:{L:subscribe_settings}:{P:PARSE[0]{subscribe_settings}}}", "${XC:COPY:{L:total_hosts}:{P:PARSE[0]{total_hosts}}}", "${XC:COPY:{L:unmanaged}:{P:PARSE[0]{unmanaged}}}", "${XC:COPY:{L:update_dns_on_lease_renewal}:{P:PARSE[0]{update_dns_on_lease_renewal}}}", "${XC:COPY:{L:utilization}:{P:PARSE[0]{utilization}}}", "${XC:COPY:{L:utilization_update}:{P:PARSE[0]{utilization_update}}}", "${XC:COPY:{L:zone_associations}:{P:PARSE[0]{zone_associations}}}", "${XC:ASSIGN:{L:ddns_enable_option_fqdn}:{S:}}", "${XC:ASSIGN:{L:domain_name_servers}:{S:}}", "${XC:ASSIGN:{L:preferred_lifetime}:{S:}}", "${XC:ASSIGN:{L:valid_lifetime}:{S:}}" ] }, { "name": "Check comment", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P::PARSE[0]{comment}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:comment}:{P:PARSE[0]{comment}}}", "else_eval": "${XC:ASSIGN:{L:comment}:{S:}}" } }, { "name": "Debug#46", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "Skip to send Data to DXL#7", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "check DXL_MessageFormat" } }, { "name": "GET Network IPv6 data", "operation": "GET", "transport": { "path": "ipv6network?network=${E::values{network}}&_return_fields=ddns_enable_option_fqdn,comment,ddns_generate_hostname,ddns_server_always_updates,ddns_ttl,disable,domain_name_servers,enable_ddns,enable_discovery,enable_ifmap_publishing,extattrs,members,mgm_private,mgm_private_overridable,network,network_container,network_view,options,port_control_blackout_setting,preferred_lifetime,recycle_leases,rir,rir_registration_status,same_port_control_discovery_blackout,subscribe_settings,unmanaged,update_dns_on_lease_renewal,valid_lifetime,zone_associations" }, "wapi": "v2.7" }, { "name": "Debug#47", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "set Network IPv6 vars", "operation": "NOP", "body_list": [ "${XC:COPY:{L:ddns_enable_option_fqdn}:{P:PARSE[0]{ddns_enable_option_fqdn}}}", "${XC:COPY:{L:ddns_generate_hostname}:{P:PARSE[0]{ddns_generate_hostname}}}", "${XC:COPY:{L:ddns_server_always_updates}:{P:PARSE[0]{ddns_server_always_updates}}}", "${XC:COPY:{L:ddns_ttl}:{P:PARSE[0]{ddns_ttl}}}", "${XC:COPY:{L:disable}:{P:PARSE[0]{disable}}}", "${XC:COPY:{L:domain_name_servers}:{P:PARSE[0]{domain_name_servers}}}", "${XC:COPY:{L:enable_ddns}:{P:PARSE[0]{enable_ddns}}}", "${XC:COPY:{L:enable_discovery}:{P:PARSE[0]{enable_discovery}}}", "${XC:COPY:{L:enable_ifmap_publishing}:{P:PARSE[0]{enable_ifmap_publishing}}}", "${XC:COPY:{L:extattrs}:{P:PARSE[0]{extattrs}{ePO_GUID}{value}}}", "${XC:COPY:{L:members}:{P:PARSE[0]{members}}}", "${XC:COPY:{L:mgm_private}:{P:PARSE[0]{mgm_private}}}", "${XC:COPY:{L:mgm_private_overridable}:{P:PARSE[0]{mgm_private_overridable}}}", "${XC:COPY:{L:network}:{P:PARSE[0]{network}}}", "${XC:COPY:{L:network_container}:{P:PARSE[0]{network_container}}}", "${XC:COPY:{L:network_view}:{P:PARSE[0]{network_view}}}", "${XC:COPY:{L:options}:{P:PARSE[0]{options}}}", "${XC:COPY:{L:port_control_blackout_setting}:{P:PARSE[0]{port_control_blackout_setting}}}", "${XC:COPY:{L:preferred_lifetime}:{P:PARSE[0]{preferred_lifetime}}}", "${XC:COPY:{L:recycle_leases}:{P:PARSE[0]{recycle_leases}}}", "${XC:COPY:{L:rir}:{P:PARSE[0]{rir}}}", "${XC:COPY:{L:rir_registration_status}:{P:PARSE[0]{rir_registration_status}}}", "${XC:COPY:{L:same_port_control_discovery_blackout}:{P:PARSE[0]{same_port_control_discovery_blackout}}}", "${XC:COPY:{L:subscribe_settings}:{P:PARSE[0]{subscribe_settings}}}", "${XC:COPY:{L:unmanaged}:{P:PARSE[0]{unmanaged}}}", "${XC:COPY:{L:update_dns_on_lease_renewal}:{P:PARSE[0]{update_dns_on_lease_renewal}}}", "${XC:COPY:{L:valid_lifetime}:{P:PARSE[0]{valid_lifetime}}}", "${XC:COPY:{L:zone_associations}:{P:PARSE[0]{zone_associations}}}", "${XC:ASSIGN:{L:authority}:{S:}}", "${XC:ASSIGN:{L:conflict_count}:{S:}}", "${XC:ASSIGN:{L:ddns_update_fixed_addresses}:{S:}}", "${XC:ASSIGN:{L:ddns_use_option81}:{S:}}", "${XC:ASSIGN:{L:deny_bootp}:{S:}}", "${XC:ASSIGN:{L:dhcp_utilization}:{S:}}", "${XC:ASSIGN:{L:dhcp_utilization_status}:{S:}}", "${XC:ASSIGN:{L:dynamic_hosts}:{S:}}", "${XC:ASSIGN:{L:email_list}:{S:}}", "${XC:ASSIGN:{L:enable_dhcp_thresholds}:{S:}}", "${XC:ASSIGN:{L:enable_pxe_lease_time}:{S:}}", "${XC:ASSIGN:{L:high_water_mark}:{S:}}", "${XC:ASSIGN:{L:high_water_mark_reset}:{S:}}", "${XC:ASSIGN:{L:ignore_dhcp_option_list_request}:{S:}}", "${XC:ASSIGN:{L:ignore_id}:{S:}}", "${XC:ASSIGN:{L:ignore_mac_addresses}:{S:}}", "${XC:ASSIGN:{L:ipam_email_addresses}:{S:}}", "${XC:ASSIGN:{L:ipam_threshold_settings}:{S:}}", "${XC:ASSIGN:{L:ipam_trap_settings}:{S:}}", "${XC:ASSIGN:{L:ipv4addr}:{S:}}", "${XC:ASSIGN:{L:lease_scavenge_time}:{S:}}", "${XC:ASSIGN:{L:logic_filter_rules}:{S:}}", "${XC:ASSIGN:{L:low_water_mark}:{S:}}", "${XC:ASSIGN:{L:low_water_mark_reset}:{S:}}", "${XC:ASSIGN:{L:netmask}:{S:}}", "${XC:ASSIGN:{L:static_hosts}:{S:}}", "${XC:ASSIGN:{L:total_hosts}:{S:}}", "${XC:ASSIGN:{L:utilization}:{S:}}", "${XC:ASSIGN:{L:utilization_update}:{S:}}" ] }, { "name": "Check comment#2", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P::PARSE[0]{comment}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:comment}:{P:PARSE[0]{comment}}}", "else_eval": "${XC:ASSIGN:{L:comment}:{S:}}" } }, { "name": "check DXL_MessageFormat", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${I::DXL_MessageFormat}", "op": "==", "right": "CEF" } ], "next": "send_CEF" } }, { "name": "Debug#48", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "send_OpenDXL", "operation": "DXL_SEND_EVENT", "body_list": [ "{", " \"eventMsgType\": \"Infoblox Change Event\",", " \"eventMsgVersion\": \"1.0\",", " \"event\": {", " \"category\": \"${E::event_type}\",", " \"eventDesc\": \"DNS ${E::event_type} ${E::operation_type} event\",", " \"eventType\": \"${E::operation_type}\",", " \"eventId\": \"204163\",", " \"analyzer\": {", " \"id\": \"S_INFBLX0802\",", " \"version\": \"8.2.1\",", " \"name\": \"NIOS\",", " \"detectionMethod\": \"NIOS\",", " \"hostName\": \"${E::member_name}\",", " \"detectedUTC\": \"${L::DetectedUTC}\",", " \"ipv4\": \"${L::internal{analyzer_ipv4}}\",", " \"ipv6\": \"${L::internal{analyzer_ipv6}}\"", " },", " \"entity\": {", " \"groupName\": \"\",", " \"osPlatform\": \"\",", " \"osType\": \"\",", " \"type\": \"\",", " \"sessionID\": \"\",", " \"authority\": \"${L::authority}\",", " \"conflict_count\": \"${L::conflict_count}\",", " \"ddns_generate_hostname\": \"${L::ddns_generate_hostname}\",", " \"ddns_server_always_updates\": \"${L::ddns_server_always_updates}\",", " \"ddns_ttl\": \"${L::ddns_ttl}\",", " \"ddns_update_fixed_addresses\": \"${L::ddns_update_fixed_addresses}\",", " \"ddns_use_option81\": \"${L::ddns_use_option81}\",", " \"deny_bootp\": \"${L::deny_bootp}\",", " \"dhcp_utilization\": \"${L::dhcp_utilization}\",", " \"dhcp_utilization_status\": \"${L::dhcp_utilization_status}\",", " \"disable\": \"${L::disable}\",", " \"dynamic_hosts\": \"${L::dynamic_hosts}\",", " \"enable_ddns\": \"${L::enable_ddns}\",", " \"enable_dhcp_thresholds\": \"${L::enable_dhcp_thresholds}\",", " \"enable_discovery\": \"${L::enable_discovery}\",", " \"enable_ifmap_publishing\": \"${L::enable_ifmap_publishing}\",", " \"enable_pxe_lease_time\": \"${L::enable_pxe_lease_time}\",", " \"high_water_mark\": \"${L::high_water_mark}\",", " \"high_water_mark_reset\": \"${L::high_water_mark_reset}\",", " \"ignore_dhcp_option_list_request\": \"${L::ignore_dhcp_option_list_request}\",", " \"ignore_id\": \"${L::ignore_id}\",", " \"ipv4addr\": \"${L::ipv4addr}\",", " \"lease_scavenge_time\": \"${L::lease_scavenge_time}\",", " \"low_water_mark\": \"${L::low_water_mark}\",", " \"low_water_mark_reset\": \"${L::low_water_mark_reset}\",", " \"mgm_private\": \"${L::mgm_private}\",", " \"mgm_private_overridable\": \"${L::mgm_private_overridable}\",", " \"netmask\": \"${L::netmask}\",", " \"network\": \"${L::network}\",", " \"network_container\": \"${L::network_container}\",", " \"network_view\": \"${L::network_view}\",", " \"recycle_leases\": \"${L::recycle_leases}\",", " \"rir\": \"${L::rir}\",", " \"rir_registration_status\": \"${L::rir_registration_status}\",", " \"same_port_control_discovery_blackout\": \"${L::same_port_control_discovery_blackout}\",", " \"static_hosts\": \"${L::static_hosts}\",", " \"subscribe_settings\": \"${L::subscribe_settings}\",", " \"total_hosts\": \"${L::total_hosts}\",", " \"unmanaged\": \"${L::unmanaged}\",", " \"update_dns_on_lease_renewal\": \"${L::update_dns_on_lease_renewal}\",", " \"utilization\": \"${L::utilization}\",", " \"utilization_update\": \"${L::utilization_update}\",", " \"ddns_enable_option_fqdn\": \"${L::ddns_enable_option_fqdn}\",", " \"ddns_generate_hostname\": \"${L::ddns_generate_hostname}\",", " \"preferred_lifetime\": \"${L::preferred_lifetime}\",", " \"comment\": \"${L::comment}\",", " \"valid_lifetime\": \"${L::valid_lifetime}\"", " },", " \"extattr\":{", " \"ePO_GUID\": \"${L::extattrs}\"", " },", " \"source\": {", " \"ipv4\": \"${L::internal{source_ipv4}}\",", " \"ipv6\": \"${L::internal{source_ipv6}}\",", " \"port\": 00000", " }", " }", "}" ], "dxl_topic": "/open/DDI/v1/${E::event_type}/infoblox" }, { "name": "Debug#50", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "goFin", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "Fin" } }, { "name": "send_CEF", "operation": "DXL_SEND_EVENT", "body_list": [ "{\"DXLCommonEvent\":{", "\"category\": \"${E::event_type}\",", "\"eventDesc\": \"DNS ${E::event_type} ${E::operation_type} event\",", "\"eventType\": \"${E::operation_type}\",", "\"eventId\": \"204163\",", "\"AgentGUID\": \"${L::GUID}\",", "\"Analyzer\": \"${L::internal{analyzer_ipv4}}${L::internal{analyzer_ipv6}}\",", "\"AnalyzerDATVersion\": \"\",", "\"AnalyzerDetectionMethod\": \"${E::object_type}\",", "\"AnalyzerHostName\": \"${E::member_name}\",", "\"AnalyzerIPV4\": \"${L::internal{analyzer_ipv4}}\",", "\"AnalyzerIPV6\": \"${L::internal{analyzer_ipv6}}\",", "\"AnalyzerMAC\": \"\",", "\"AnalyzerName\": \"NIOS\",", "\"AnalyzerVersion\": \"8.2.1\",", "\"DetectedUTC\": \"${L::DetectedUTC}\",", "\"ServerID\": \"${L::internal{analyzer_ipv4}}${L::internal{analyzer_ipv6}}\",", "\"SourceIPV4\": \"${L::internal{source_ipv4}}\",", "\"SourceIPV6\": \"${L::internal{source_ipv6}}\",", "\"SourcePort\": \"00000\",", "\"TargetHostName\": \"${E::member_name}\",", "\"TargetIPV4\": \"${L::internal{analyzer_ipv4}}\",", "\"TargetIPV6\": \"${L::internal{analyzer_ipv6}}\",", "\"TargetPort\": \"53\",", "\"TargetProtocol\": \"dns\",", "\"authority\": \"${L::authority}\",", "\"conflict_count\": \"${L::conflict_count}\",", "\"ddns_generate_hostname\": \"${L::ddns_generate_hostname}\",", "\"ddns_server_always_updates\": \"${L::ddns_server_always_updates}\",", "\"ddns_ttl\": \"${L::ddns_ttl}\",", "\"ddns_update_fixed_addresses\": \"${L::ddns_update_fixed_addresses}\",", "\"ddns_use_option81\": \"${L::ddns_use_option81}\",", "\"deny_bootp\": \"${L::deny_bootp}\",", "\"dhcp_utilization\": \"${L::dhcp_utilization}\",", "\"dhcp_utilization_status\": \"${L::dhcp_utilization_status}\",", "\"disable\": \"${L::disable}\",", "\"dynamic_hosts\": \"${L::dynamic_hosts}\",", "\"enable_ddns\": \"${L::enable_ddns}\",", "\"enable_dhcp_thresholds\": \"${L::enable_dhcp_thresholds}\",", "\"enable_discovery\": \"${L::enable_discovery}\",", "\"enable_ifmap_publishing\": \"${L::enable_ifmap_publishing}\",", "\"enable_pxe_lease_time\": \"${L::enable_pxe_lease_time}\",", "\"high_water_mark\": \"${L::high_water_mark}\",", "\"high_water_mark_reset\": \"${L::high_water_mark_reset}\",", "\"ignore_dhcp_option_list_request\": \"${L::ignore_dhcp_option_list_request}\",", "\"ignore_id\": \"${L::ignore_id}\",", "\"ipv4addr\": \"${L::ipv4addr}\",", "\"lease_scavenge_time\": \"${L::lease_scavenge_time}\",", "\"low_water_mark\": \"${L::low_water_mark}\",", "\"low_water_mark_reset\": \"${L::low_water_mark_reset}\",", "\"mgm_private\": \"${L::mgm_private}\",", "\"mgm_private_overridable\": \"${L::mgm_private_overridable}\",", "\"netmask\": \"${L::netmask}\",", "\"network\": \"${L::network}\",", "\"network_container\": \"${L::network_container}\",", "\"network_view\": \"${L::network_view}\",", "\"recycle_leases\": \"${L::recycle_leases}\",", "\"rir\": \"${L::rir}\",", "\"rir_registration_status\": \"${L::rir_registration_status}\",", "\"same_port_control_discovery_blackout\": \"${L::same_port_control_discovery_blackout}\",", "\"static_hosts\": \"${L::static_hosts}\",", "\"subscribe_settings\": \"${L::subscribe_settings}\",", "\"total_hosts\": \"${L::total_hosts}\",", "\"unmanaged\": \"${L::unmanaged}\",", "\"ePO_GUID\": \"${L::extattrs}\"", "\"update_dns_on_lease_renewal\": \"${L::update_dns_on_lease_renewal}\",", "\"utilization\": \"${L::utilization}\",", "\"utilization_update\": \"${L::utilization_update}\",", "\"ddns_enable_option_fqdn\": \"${L::ddns_enable_option_fqdn}\",", "\"ddns_generate_hostname\": \"${L::ddns_generate_hostname}\",", "\"comment\": \"${L::comment}\",", "\"preferred_lifetime\": \"${L::preferred_lifetime}\",", "\"valid_lifetime\": \"${L::valid_lifetime}\"", "}}" ], "dxl_topic": "/infoblox/outbound/${E::event_type}" }, { "name": "goFin#2", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "Fin" } }, { "name": "check DXL_MessageFormat_Delete", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${I::DXL_MessageFormat}", "op": "==", "right": "CEF" } ], "next": "send_CEF_Delete" } }, { "name": "send_OpenDXL_Delete", "operation": "DXL_SEND_EVENT", "body_list": [ "{", " \"eventMsgType\": \"Infoblox Change Event\",", " \"eventMsgVersion\": \"1.0\",", " \"event\": {", " \"category\": \"${E::event_type}\",", " \"eventDesc\": \"DNS ${E::event_type} ${E::operation_type} event\",", " \"eventType\": \"${E::operation_type}\",", " \"eventId\": \"204163\",", " \"analyzer\": {", " \"id\": \"S_INFBLX0802\",", " \"version\": \"8.2.1\",", " \"name\": \"NIOS\",", " \"detectionMethod\": \"NIOS\",", " \"hostName\": \"${E::member_name}\",", " \"detectedUTC\": \"${L::DetectedUTC}\",", " \"ipv4\": \"${L::internal{analyzer_ipv4}}\",", " \"ipv6\": \"${L::internal{analyzer_ipv6}}\"", " },", " \"source\": {", " \"ipv4\": \"${L::internal{source_ipv4}}\",", " \"ipv6\": \"${L::internal{source_ipv6}}\",", " \"port\": 00000", " }", " }", "}" ], "dxl_topic": "/open/DDI/v1/${E::event_type}/infoblox" }, { "name": "goFin#3", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "Fin" } }, { "name": "send_CEF_Delete", "operation": "DXL_SEND_EVENT", "body_list": [ "{\"DXLCommonEvent\":{", "\"category\": \"${E::event_type}\",", "\"eventDesc\": \"DNS ${E::event_type} ${E::operation_type} event\",", "\"eventType\": \"${E::operation_type}\",", "\"eventId\": \"204163\",", "\"AgentGUID\": \"${L::GUID}\",", "\"Analyzer\": \"${L::internal{analyzer_ipv4}}${L::internal{analyzer_ipv6}}\",", "\"AnalyzerDATVersion\": \"\",", "\"AnalyzerDetectionMethod\": \"${E::object_type}\",", "\"AnalyzerHostName\": \"${E::member_name}\",", "\"AnalyzerIPV4\": \"${L::internal{analyzer_ipv4}}\",", "\"AnalyzerIPV6\": \"${L::internal{analyzer_ipv6}}\",", "\"AnalyzerMAC\": \"\",", "\"AnalyzerName\": \"NIOS\",", "\"AnalyzerVersion\": \"8.2.1\",", "\"DetectedUTC\": \"${L::DetectedUTC}\",", "\"ServerID\": \"${L::internal{analyzer_ipv4}}${L::internal{analyzer_ipv6}}\",", "\"SourceIPV4\": \"${L::internal{source_ipv4}}\",", "\"SourceIPV6\": \"${L::internal{source_ipv6}}\",", "\"SourcePort\": \"00000\",", "\"TargetHostName\": \"${E::member_name}\",", "\"TargetIPV4\": \"${L::internal{analyzer_ipv4}}\",", "\"TargetIPV6\": \"${L::internal{analyzer_ipv6}}\",", "\"TargetPort\": \"53\",", "\"TargetProtocol\": \"dns\"", "}}" ], "dxl_topic": "/infoblox/outbound/${E::event_type}" }, { "name": "Fin", "operation": "NOP", "body": "" } ] }