Infoblox Community

Outbound API - Proofpoint Threat Response DNS Firewall alert integration

[ Edited ]
Posts: 21
Registered: ‎05-19-2012
Posts: 21

Outbound API available in NIOS 8.0 allows to cover the following usecase:
"When a end host is requesting a fqdn that my teams have confirmed to be an IOC, I want to automatically deny any service for the client source IP and/or the target IP addresses in a firewall rule on our firewalls."

The following video shows the endpoint & notification configuration:

Link to the video


The template to import is also attached.


    "content_type": "application/json",
    "event_type": [
    "name": "Proofpoint Threat Response",
    "steps": [
            "body_list": [
                "{\"target\": ${E::source_ip},",
                "\"category\": \"malware\",",
                "\"url\": ${E::query_name},",
                "\"severity\": ${E::rpz_severity}}"
            "name": "postsomething",
            "operation": "POST",
            "transport": {
                "path": ""
    "type": "REST_EVENT",
    "vendor_identifier": "Proofpoint",
    "version": "1.0"