{ "name": "DXL_Range_Event", "version": "3.0", "type": "DXL_EVENT", "event_type": [ "RANGE_IPV4", "RANGE_IPV6" ], "vendor_identifier": "McAfee", "quoting": "ASIS", "instance_variables": [ { "name": "DXL_MessageFormat", "type": "STRING" }, { "name": "OPERATION_TYPES", "type": "STRING", "value": "insert/modify/delete" } ], "steps": [ { "name": "Debug#0", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "set time vars", "operation": "NOP", "body_list": [ "${XC:COPY:{L:New_Time}:{E:timestamp}}${XC:FORMAT:TRUNCATE:{L:New_Time}:{16t}}" ] }, { "name": "Set Old_Time", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${E:A:values{extattrs}{DXL_LastEventSentAt}{value}}", "op": "==", "right": "" } ], "eval": "${XC:ASSIGN:{L:Old_Time}:{S:}}", "else_eval": "${XC:COPY:{L:Old_Time}:{E:values{extattrs}{DXL_LastEventSentAt}{value}}}}${XC:FORMAT:TRUNCATE:{L:Old_Time}:{16t}}" } }, { "name": "Debug#1", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "STOP if modified in the last second", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${L:A:New_Time}", "op": "==", "right": "${L:A:Old_Time}" } ], "stop": true } }, { "name": "Debug#2", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "STOP if sync not requested", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${E:A:values{extattrs}{DXL_Sync}{value}}", "op": "==", "right": "" }, { "left": "${E:A:values{extattrs}{DXL_Sync}{value}}", "op": "==", "right": "false" } ], "stop": true } }, { "name": "init_internal_data", "operation": "VARIABLEOP", "variable_ops": [ { "operation": "ASSIGN", "type": "DICTIONARY", "destination": "L:internal", "keys": [ "analyzer_ipv4", "analyzer_ipv6", "source_ipv4", "source_ipv6", "target_ipv4", "target_ipv6", "severity" ], "values": [ "", "", "", "", "", "", "7" ] } ] }, { "name": "check what operation types are allowed", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${I::OPERATION_TYPES}", "op": "!~", "right": "((?i).*${E::operation_type}.*)" } ], "next": "Fin" } }, { "name": "is_analyzer_source_RANGE_ipv4", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E::object_type}", "op": "==", "right": "DhcpRange" }, { "left": "${E::values{start_addr}}", "op": "!~", "right": ":" } ], "condition_type": "AND", "eval": "${XC:COPY:{L:internal{analyzer_ipv4}}:{E:member_ip}}${XC:COPY:{L:internal{source_ipv4}}:{E:member_ip}}${XC:ASSIGN:{L:IPv}:{I:4}}", "else_eval": "${XC:COPY:{L:internal{analyzer_ipv6}}:{E:member_ip}}${XC:COPY:{L:internal{source_ipv6}}:{E:member_ip}}${XC:ASSIGN:{L:IPv}:{I:6}}" } }, { "name": "check if Range IPv4 to assign target_ipv4", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E::event_type}", "op": "==", "right": "RANGE_IPV4" } ], "condition_type": "AND", "eval": "${XC:COPY:{L:internal{target_ipv4}}:{E:values{start_addr}}}", "next": "is_severity_7" } }, { "name": "check if Range IPv6 to assign target_ipv6", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E::event_type}", "op": "==", "right": "RANGE_IPV6" } ], "condition_type": "AND", "eval": "${XC:COPY:{L:internal{target_ipv6}}:{E:values{start_addr}}}" } }, { "name": "is_severity_7", "operation": "CONDITION", "condition": { "statements": [ { "left": "1", "op": "==", "right": "1" } ], "condition_type": "AND", "eval": "${XC:ASSIGN:{L:internal{severity}}:{I:7}}" } }, { "name": "check if reservation range or network to assign values", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E::object_type}", "op": "==", "right": "DhcpRange" }, { "left": "${E::object_type}", "op": "==", "right": "IPv6DhcpRange" } ], "condition_type": "OR", "eval": "${XC:COPY:{L:ruleName}:{E:member_name}}${XC:FORMAT:TRUNCATE:{L:ruleName}:{-128f}}${XC:COPY:{L:threatName}:{E:values{_ref}}}${XC:FORMAT:TRUNCATE:{L:threatName}:{-128f}}${XC:COPY:{L:DetectedUTC}:{E:timestamp}}${XC:ASSIGN:{L:Obj_ref}:{S:}}${XC:ASSIGN:{L:network_view}:{S:default}}${XC:COPY:{L:Object_type}:{E:object_type}}${XC:ASSIGN:{L:threatActionTaken}:{S:Alert}}${XC:ASSIGN:{L:threatHandled}:{I:1}}${XC:COPY:{L:operation_type}:{E:operation_type}}" } }, { "name": "check GUID", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${E:A:values{extattrs}{ePO_GUID}{value}}", "op": "==", "right": "" } ], "eval": "${XC:COPY:{L:GUID}:{UT:UUID}}${XC:ASSIGN:{L:GUIDtype}:{S:generated}}", "else_eval": "${XC:COPY:{L:GUID}:{E:values{extattrs}{ePO_GUID}{value}}}${XC:ASSIGN:{L:GUIDtype}:{S:local}}" } }, { "name": "jump if have GUID or no WAPI credentials or is delete", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${L:A:GUIDtype}", "op": "==", "right": "local" }, { "left": "${UT:A:WAPIUSERNAME}", "op": "==", "right": "" }, { "left": "${E:A:operation_type}", "op": "==", "right": "DELETE" } ], "next": "Check if operation type was delete to avoid errors" } }, { "name": "Check if operation type was delete to avoid errors", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${E:A:operation_type}", "op": "==", "right": "DELETE" } ], "next": "check DXL_MessageFormat_Delete" } }, { "name": "Update GUID", "operation": "PUT", "transport": { "path": "${E:A:values{_ref}}" }, "wapi": "v2.7", "wapi_quoting": "JSON", "body_list": [ "{\"extattrs+\":{\"ePO_GUID\": { \"value\": \"${L:A:GUID}\"},\"DXL_LastEventSentAt\": { \"value\": \"${E:A:timestamp}\"}}}" ] }, { "name": "Check if range ipv6", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${E::event_type}", "op": "==", "right": "RANGE_IPV6" } ], "next": "GET Range IPv6 data" } }, { "name": "GET Range IPv4 data", "operation": "GET", "transport": { "path": "range?start_addr=${E::values{start_addr}}&end_addr=${E::values{end_addr}}&_return_fields=always_update_dns,comment,ddns_generate_hostname,deny_all_clients,deny_bootp,dhcp_utilization,dhcp_utilization_status,disable,discover_now_status,discovery_basic_poll_settings,discovery_blackout_setting,dynamic_hosts,email_list,exclude,extattrs,fingerprint_filter_rules,high_water_mark,high_water_mark_reset,ignore_dhcp_option_list_request,ignore_id,ignore_mac_addresses,is_split_scope,lease_scavenge_time,logic_filter_rules,low_water_mark,low_water_mark_reset,mac_filter_rules,ms_options,nac_filter_rules,network,network_view,option_filter_rules,options,port_control_blackout_setting,recycle_leases,relay_agent_filter_rules,same_port_control_discovery_blackout,server_association_type,start_addr,static_hosts,subscribe_settings,total_hosts,update_dns_on_lease_renewal" }, "wapi": "v2.7" }, { "name": "Debug#39", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "set Range IPv4 vars", "operation": "NOP", "body_list": [ "${XC:COPY:{L:start_addr}:{E:values{start_addr}}}", "${XC:COPY:{L:end_addr}:{E:values{end_addr}}}", "${XC:COPY:{L:always_update_dns}:{P:PARSE[0]{always_update_dns}}}", "${XC:COPY:{L:ddns_generate_hostname}:{P:PARSE[0]{ddns_generate_hostname}}}", "${XC:COPY:{L:deny_all_clients}:{P:PARSE[0]{deny_all_clients}}}", "${XC:COPY:{L:deny_bootp}:{P:PARSE[0]{deny_bootp}}}", "${XC:COPY:{L:dhcp_utilization}:{P:PARSE[0]{dhcp_utilization}}}", "${XC:COPY:{L:dhcp_utilization_status}:{P:PARSE[0]{dhcp_utilization_status}}}", "${XC:COPY:{L:disable}:{P:PARSE[0]{disable}}}", "${XC:COPY:{L:discover_now_status}:{P:PARSE[0]{discover_now_status}}}", "${XC:COPY:{L:dynamic_hosts}:{P:PARSE[0]{dynamic_hosts}}}", "${XC:COPY:{L:high_water_mark}:{P:PARSE[0]{high_water_mark}}}", "${XC:COPY:{L:high_water_mark_reset}:{P:PARSE[0]{high_water_mark_reset}}}", "${XC:COPY:{L:ignore_dhcp_option_list_request}:{P:PARSE[0]{ignore_dhcp_option_list_request}}}", "${XC:COPY:{L:ignore_id}:{P:PARSE[0]{ignore_id}}}", "${XC:COPY:{L:extattrs}:{P:PARSE[0]{extattrs}{ePO_GUID}{value}}}", "${XC:COPY:{L:is_split_scope}:{P:PARSE[0]{is_split_scope}}}", "${XC:COPY:{L:lease_scavenge_time}:{P:PARSE[0]{lease_scavenge_time}}}", "${XC:COPY:{L:low_water_mark}:{P:PARSE[0]{low_water_mark}}}", "${XC:COPY:{L:low_water_mark_reset}:{P:PARSE[0]{low_water_mark_reset}}}", "${XC:COPY:{L:mac_filter_rules}:{P:PARSE[0]{mac_filter_rules}}}", "${XC:COPY:{L:network}:{P:PARSE[0]{network}}}", "${XC:COPY:{L:network_view}:{P:PARSE[0]{network_view}}}", "${XC:COPY:{L:port_control_blackout_setting}:{P:PARSE[0]{port_control_blackout_setting}}}", "${XC:COPY:{L:recycle_leases}:{P:PARSE[0]{recycle_leases}}}", "${XC:COPY:{L:same_port_control_discovery_blackout}:{P:PARSE[0]{same_port_control_discovery_blackout}}}", "${XC:COPY:{L:server_association_type}:{P:PARSE[0]{server_association_type}}}", "${XC:COPY:{L:start_addr}:{P:PARSE[0]{start_addr}}}", "${XC:COPY:{L:static_hosts}:{P:PARSE[0]{static_hosts}}}", "${XC:COPY:{L:subscribe_settings}:{P:PARSE[0]{subscribe_settings}}}", "${XC:COPY:{L:total_hosts}:{P:PARSE[0]{total_hosts}}}", "${XC:COPY:{L:update_dns_on_lease_renewal}:{P:PARSE[0]{update_dns_on_lease_renewal}}}", "${XC:ASSIGN:{L:address_type}:{S:}}", "${XC:ASSIGN:{L:enable_discovery}:{S:}}", "${XC:ASSIGN:{L:ipv6_end_prefix}:{S:}}", "${XC:ASSIGN:{L:ipv6_start_prefix}:{S:}}" ] }, { "name": "Check comment", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P::PARSE[0]{comment}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:comment}:{P:PARSE[0]{comment}}}", "else_eval": "${XC:ASSIGN:{L:comment}:{S:}}" } }, { "name": "Debug#40", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "Skip to send Data to DXL#4", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "check DXL_MessageFormat" } }, { "name": "GET Range IPv6 data", "operation": "GET", "transport": { "path": "ipv6range?start_addr=${E::values{start_addr}}&end_addr=${E::values{end_addr}}&_return_fields=address_type,comment,disable,discover_now_status,discovery_basic_poll_settings,discovery_blackout_setting,enable_discovery,end_addr,exclude,extattrs,ipv6_end_prefix,ipv6_start_prefix,network,network_view,port_control_blackout_setting,recycle_leases,same_port_control_discovery_blackout,server_association_type,start_addr,subscribe_settings" }, "wapi": "v2.7" }, { "name": "Debug#41", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "set Range IPv6 vars", "operation": "NOP", "body_list": [ "${XC:COPY:{L:start_addr}:{E:values{start_addr}}}", "${XC:COPY:{L:end_addr}:{E:values{end_addr}}}", "${XC:COPY:{L:address_type}:{P:PARSE[0]{address_type}}}", "${XC:COPY:{L:disable}:{P:PARSE[0]{disable}}}", "${XC:COPY:{L:discover_now_status}:{P:PARSE[0]{discover_now_status}}}", "${XC:COPY:{L:enable_discovery}:{P:PARSE[0]{enable_discovery}}}", "${XC:COPY:{L:ipv6_end_prefix}:{P:PARSE[0]{ipv6_end_prefix}}}", "${XC:COPY:{L:ipv6_start_prefix}:{P:PARSE[0]{ipv6_start_prefix}}}", "${XC:COPY:{L:extattrs}:{P:PARSE[0]{extattrs}{ePO_GUID}{value}}}", "${XC:COPY:{L:network}:{P:PARSE[0]{network}}}", "${XC:COPY:{L:network_view}:{P:PARSE[0]{network_view}}}", "${XC:COPY:{L:port_control_blackout_setting}:{P:PARSE[0]{port_control_blackout_setting}}}", "${XC:COPY:{L:recycle_leases}:{P:PARSE[0]{recycle_leases}}}", "${XC:COPY:{L:same_port_control_discovery_blackout}:{P:PARSE[0]{same_port_control_discovery_blackout}}}", "${XC:COPY:{L:server_association_type}:{P:PARSE[0]{server_association_type}}}", "${XC:COPY:{L:subscribe_settings}:{P:PARSE[0]{subscribe_settings}}}", "${XC:ASSIGN:{L:always_update_dns}:{S:}}", "${XC:ASSIGN:{L:ddns_generate_hostname}:{S:}}", "${XC:ASSIGN:{L:deny_all_clients}:{S:}}", "${XC:ASSIGN:{L:deny_bootp}:{S:}}", "${XC:ASSIGN:{L:dhcp_utilization}:{S:}}", "${XC:ASSIGN:{L:dhcp_utilization_status}:{S:}}", "${XC:ASSIGN:{L:dynamic_hosts}:{S:}}", "${XC:ASSIGN:{L:high_water_mark}:{S:}}", "${XC:ASSIGN:{L:high_water_mark_reset}:{S:}}", "${XC:ASSIGN:{L:ignore_dhcp_option_list_request}:{S:}}", "${XC:ASSIGN:{L:ignore_id}:{S:}}", "${XC:ASSIGN:{L:is_split_scope}:{S:}}", "${XC:ASSIGN:{L:lease_scavenge_time}:{S:}}", "${XC:ASSIGN:{L:low_water_mark}:{S:}}", "${XC:ASSIGN:{L:low_water_mark_reset}:{S:}}", "${XC:ASSIGN:{L:mac_filter_rules}:{S:}}", "${XC:ASSIGN:{L:options}:{S:}}", "${XC:ASSIGN:{L:static_hosts}:{S:}}", "${XC:ASSIGN:{L:total_hosts}:{S:}}", "${XC:ASSIGN:{L:update_dns_on_lease_renewal}:{S:}}" ] }, { "name": "Check comment#2", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P::PARSE[0]{comment}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:comment}:{P:PARSE[0]{comment}}}", "else_eval": "${XC:ASSIGN:{L:comment}:{S:}}" } }, { "name": "Debug#42", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "check DXL_MessageFormat", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${I::DXL_MessageFormat}", "op": "==", "right": "CEF" } ], "next": "send_CEF" } }, { "name": "send_OpenDXL", "operation": "DXL_SEND_EVENT", "body_list": [ "{", " \"eventMsgType\": \"Infoblox Change Event\",", " \"eventMsgVersion\": \"1.0\",", " \"event\": {", " \"category\": \"${E::event_type}\",", " \"eventDesc\": \"DNS ${E::event_type} ${E::operation_type} event\",", " \"eventType\": \"${E::operation_type}\",", " \"eventId\": \"204164\",", " \"analyzer\": {", " \"id\": \"S_INFBLX0802\",", " \"version\": \"8.2.1\",", " \"name\": \"NIOS\",", " \"detectionMethod\": \"NIOS\",", " \"hostName\": \"${E::member_name}\",", " \"detectedUTC\": \"${L::DetectedUTC}\",", " \"ipv4\": \"${L::internal{analyzer_ipv4}}\",", " \"ipv6\": \"${L::internal{analyzer_ipv6}}\"", " },", " \"entity\": {", " \"groupName\": \"\",", " \"osPlatform\": \"\",", " \"osType\": \"\",", " \"type\": \"\",", " \"sessionID\": \"\",", " \"always_update_dns\": \"${L::always_update_dns}\",", " \"ddns_generate_hostname\": \"${L::ddns_generate_hostname}\",", " \"deny_all_clients\": \"${L::deny_all_clients}\",", " \"deny_bootp\": \"${L::deny_bootp}\",", " \"dhcp_utilization\": \"${L::dhcp_utilization}\",", " \"dhcp_utilization_status\": \"${L::dhcp_utilization_status}\",", " \"disable\": \"${L::disable}\",", " \"discover_now_status\": \"${L::discover_now_status}\",", " \"dynamic_hosts\": \"${L::dynamic_hosts}\",", " \"high_water_mark\": \"${L::high_water_mark}\",", " \"high_water_mark_reset\": \"${L::high_water_mark_reset}\",", " \"ignore_dhcp_option_list_request\": \"${L::ignore_dhcp_option_list_request}\",", " \"ignore_id\": \"${L::ignore_id}\",", " \"is_split_scope\": \"${L::is_split_scope}\",", " \"lease_scavenge_time\": \"${L::lease_scavenge_time}\",", " \"low_water_mark\": \"${L::low_water_mark}\",", " \"low_water_mark_reset\": \"${L::low_water_mark_reset}\",", " \"network\": \"${L::network}\",", " \"network_view\": \"${L::network_view}\",", " \"recycle_leases\": \"${L::recycle_leases}\",", " \"same_port_control_discovery_blackout\": \"${L::same_port_control_discovery_blackout}\",", " \"server_association_type\": \"${L::server_association_type}\",", " \"start_addr\": \"${L::start_addr}\",", " \"static_hosts\": \"${L::static_hosts}\",", " \"subscribe_settings\": \"${L::subscribe_settings}\",", " \"total_hosts\": \"${L::total_hosts}\",", " \"update_dns_on_lease_renewal\": \"${L::update_dns_on_lease_renewal}\",", " \"address_type\": \"${L::address_type}\",", " \"enable_discovery\": \"${L::enable_discovery}\",", " \"end_addr\": \"${L::end_addr}\",", " \"ipv6_end_prefix\": \"${L::ipv6_end_prefix}\",", " \"comment\": \"${L::comment}\",", " \"ipv6_start_prefix\": \"${L::ipv6_start_prefix}\"", " },", " \"extattr\":{", " \"ePO_GUID\": \"${L::extattrs}\"", " },", " \"source\": {", " \"ipv4\": \"${L::internal{source_ipv4}}\",", " \"ipv6\": \"${L::internal{source_ipv6}}\",", " \"port\": 00000", " }", " }", "}" ], "dxl_topic": "/open/DDI/v1/${E::event_type}/infoblox" }, { "name": "Debug#50", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "goFin", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "Fin" } }, { "name": "send_CEF", "operation": "DXL_SEND_EVENT", "body_list": [ "{\"DXLCommonEvent\":{", "\"category\": \"${E::event_type}\",", "\"eventDesc\": \"DNS ${E::event_type} ${E::operation_type} event\",", "\"eventType\": \"${E::operation_type}\",", "\"eventId\": \"204164\",", "\"AgentGUID\": \"${L::GUID}\",", "\"Analyzer\": \"${L::internal{analyzer_ipv4}}${L::internal{analyzer_ipv6}}\",", "\"AnalyzerDATVersion\": \"\",", "\"AnalyzerDetectionMethod\": \"${E::object_type}\",", "\"AnalyzerHostName\": \"${E::member_name}\",", "\"AnalyzerIPV4\": \"${L::internal{analyzer_ipv4}}\",", "\"AnalyzerIPV6\": \"${L::internal{analyzer_ipv6}}\",", "\"AnalyzerMAC\": \"\",", "\"AnalyzerName\": \"NIOS\",", "\"AnalyzerVersion\": \"8.2.1\",", "\"DetectedUTC\": \"${L::DetectedUTC}\",", "\"ServerID\": \"${L::internal{analyzer_ipv4}}${L::internal{analyzer_ipv6}}\",", "\"SourceIPV4\": \"${L::internal{source_ipv4}}\",", "\"SourceIPV6\": \"${L::internal{source_ipv6}}\",", "\"SourcePort\": \"00000\",", "\"TargetHostName\": \"${E::member_name}\",", "\"TargetIPV4\": \"${L::internal{analyzer_ipv4}}\",", "\"TargetIPV6\": \"${L::internal{analyzer_ipv6}}\",", "\"TargetPort\": \"53\",", "\"TargetProtocol\": \"dns\",", "\"always_update_dns\": \"${L::always_update_dns}\",", "\"ddns_generate_hostname\": \"${L::ddns_generate_hostname}\",", "\"deny_all_clients\": \"${L::deny_all_clients}\",", "\"deny_bootp\": \"${L::deny_bootp}\",", "\"dhcp_utilization\": \"${L::dhcp_utilization}\",", "\"dhcp_utilization_status\": \"${L::dhcp_utilization_status}\",", "\"disable\": \"${L::disable}\",", "\"discover_now_status\": \"${L::discover_now_status}\",", "\"dynamic_hosts\": \"${L::dynamic_hosts}\",", "\"high_water_mark\": \"${L::high_water_mark}\",", "\"high_water_mark_reset\": \"${L::high_water_mark_reset}\",", "\"ignore_dhcp_option_list_request\": \"${L::ignore_dhcp_option_list_request}\",", "\"ignore_id\": \"${L::ignore_id}\",", "\"is_split_scope\": \"${L::is_split_scope}\",", "\"lease_scavenge_time\": \"${L::lease_scavenge_time}\",", "\"low_water_mark\": \"${L::low_water_mark}\",", "\"low_water_mark_reset\": \"${L::low_water_mark_reset}\",", "\"network\": \"${L::network}\",", "\"network_view\": \"${L::network_view}\",", "\"recycle_leases\": \"${L::recycle_leases}\",", "\"same_port_control_discovery_blackout\": \"${L::same_port_control_discovery_blackout}\",", "\"server_association_type\": \"${L::server_association_type}\",", "\"start_addr\": \"${L::start_addr}\",", "\"ePO_GUID\": \"${L::extattrs}\"", "\"static_hosts\": \"${L::static_hosts}\",", "\"subscribe_settings\": \"${L::subscribe_settings}\",", "\"total_hosts\": \"${L::total_hosts}\",", "\"update_dns_on_lease_renewal\": \"${L::update_dns_on_lease_renewal}\",", "\"address_type\": \"${L::address_type}\",", "\"enable_discovery\": \"${L::enable_discovery}\",", "\"end_addr\": \"${L::end_addr}\",", "\"ipv6_end_prefix\": \"${L::ipv6_end_prefix}\",", "\"comment\": \"${L::comment}\",", "\"ipv6_start_prefix\": \"${L::ipv6_start_prefix}\"", "}}" ], "dxl_topic": "/infoblox/outbound/${E::event_type}" }, { "name": "goFin#2", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "Fin" } }, { "name": "check DXL_MessageFormat_Delete", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${I::DXL_MessageFormat}", "op": "==", "right": "CEF" } ], "next": "send_CEF_Delete" } }, { "name": "send_OpenDXL_Delete", "operation": "DXL_SEND_EVENT", "body_list": [ "{", " \"eventMsgType\": \"Infoblox Change Event\",", " \"eventMsgVersion\": \"1.0\",", " \"event\": {", " \"category\": \"${E::event_type}\",", " \"eventDesc\": \"DNS ${E::event_type} ${E::operation_type} event\",", " \"eventType\": \"${E::operation_type}\",", " \"eventId\": \"204164\",", " \"analyzer\": {", " \"id\": \"S_INFBLX0802\",", " \"version\": \"8.2.1\",", " \"name\": \"NIOS\",", " \"detectionMethod\": \"NIOS\",", " \"hostName\": \"${E::member_name}\",", " \"detectedUTC\": \"${L::DetectedUTC}\",", " \"ipv4\": \"${L::internal{analyzer_ipv4}}\",", " \"ipv6\": \"${L::internal{analyzer_ipv6}}\"", " },", " \"source\": {", " \"ipv4\": \"${L::internal{source_ipv4}}\",", " \"ipv6\": \"${L::internal{source_ipv6}}\",", " \"port\": 00000", " }", " }", "}" ], "dxl_topic": "/open/DDI/v1/${E::event_type}/infoblox" }, { "name": "goFin#3", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "Fin" } }, { "name": "send_CEF_Delete", "operation": "DXL_SEND_EVENT", "body_list": [ "{\"DXLCommonEvent\":{", "\"category\": \"${E::event_type}\",", "\"eventDesc\": \"DNS ${E::event_type} ${E::operation_type} event\",", "\"eventType\": \"${E::operation_type}\",", "\"eventId\": \"204164\",", "\"AgentGUID\": \"${L::GUID}\",", "\"Analyzer\": \"${L::internal{analyzer_ipv4}}${L::internal{analyzer_ipv6}}\",", "\"AnalyzerDATVersion\": \"\",", "\"AnalyzerDetectionMethod\": \"${E::object_type}\",", "\"AnalyzerHostName\": \"${E::member_name}\",", "\"AnalyzerIPV4\": \"${L::internal{analyzer_ipv4}}\",", "\"AnalyzerIPV6\": \"${L::internal{analyzer_ipv6}}\",", "\"AnalyzerMAC\": \"\",", "\"AnalyzerName\": \"NIOS\",", "\"AnalyzerVersion\": \"8.2.1\",", "\"DetectedUTC\": \"${L::DetectedUTC}\",", "\"ServerID\": \"${L::internal{analyzer_ipv4}}${L::internal{analyzer_ipv6}}\",", "\"SourceIPV4\": \"${L::internal{source_ipv4}}\",", "\"SourceIPV6\": \"${L::internal{source_ipv6}}\",", "\"SourcePort\": \"00000\",", "\"TargetHostName\": \"${E::member_name}\",", "\"TargetIPV4\": \"${L::internal{analyzer_ipv4}}\",", "\"TargetIPV6\": \"${L::internal{analyzer_ipv6}}\",", "\"TargetPort\": \"53\",", "\"TargetProtocol\": \"dns\"", "}}" ], "dxl_topic": "/infoblox/outbound/${E::event_type}" }, { "name": "Fin", "operation": "NOP", "body": "" } ] }