DEMO VIDEO & TEMPLATES: Creating ADP Rules for Active Malicious Threats

Moderator kzettel
Infoblox now has a new way to combine RPZ feeds with local RPZ and ADP. This takes an RPZ feed that gets queries and creates a local RPZ entry that, when hit a custom number of times, will create a custom ADP rule to block any new bad queries. The video shows how to set everything up and how it works so that you can start using it.



All the templates that you need are attached in the links below. You may want to rework the templates; however, the templates below are the ones that are demoed in the video.


The templates require two Extensible Attributes, explained in the video, and you will need to generate them in order for the templates to work.


Extensible Attribute



The number of times an entry was hit within an established amount of time, designated by the instance variable “TimeForHits”, which is explained in the video. This Extensible Attribute must be of type integer.


This is the last time a variable was hit within a given period of time. This Extensible Attribute must be of type string.






Will add an ADP rule when the local RPZ feed gets a designed number of queries.


Will add a local RPZ rule when the RPZ feed rule is queried.





Deployment Guide

addRPZRuleByOutbound template walkthrough

addSecurityRuleBasedOnHits template walkthrough



If you have any questions or suggestions, please let me know!


Thank you,

Kevin Zettel

