Outbound API - Proofpoint Threat Response DNS Firewall alert integration
11-21-2016 08:53 AM - last edited on 11-21-2016 09:10 AM by GHorne
The Outbound API available in NIOS 8.0 allows covering the following use case:
"When an end host is requesting an FQDN that my teams have confirmed to be an IOC, I want to automatically deny any service for the client source IP and/or the target IP addresses in a firewall rule on our firewalls."
The following video shows the endpoint & notification configuration:
The template to import is also attached.
{
  "content_type": "application/json",
  "event_type": [
    "RPZ"
  ],
  "name": "Proofpoint Threat Response",
  "steps": [
    {
      "body_list": [
        "{\"target\": ${E::source_ip},",
        "\"category\": \"malware\",",
        "\"url\": ${E::query_name},",
        "\"severity\": ${E::rpz_severity}}"
      ],
      "name": "postsomething",
      "operation": "POST",
      "transport": {
        "path": ""
      }
    }
  ],
  "type": "REST_EVENT",
  "vendor_identifier": "Proofpoint",
  "version": "1.0"
}
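A check a relay or test harness could run on each alert body before it is allowed to drive a firewall block, since the `target` field is the querying client's address and may be a shared resolver or gateway. This is an added example, not part of the original post and not Infoblox or Proofpoint code; the function names, the never-block networks and the sample values are assumptions.

```python
import ipaddress
import json
import re

# Assumed policy: networks that must never be auto-blocked (constructed values).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/28", "192.0.2.53/32")]
REQUIRED = {"target", "category", "url", "severity"}  # keys set by the template
# One DNS label: 1-63 letters, digits, hyphens or underscores, no edge hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")
# Constructed sample body in the shape the template's body_list produces.
SAMPLE = ('{"target": "198.51.100.23", "category": "malware", '
          '"url": "bad.example.net", "severity": "MAJOR"}')


def valid_fqdn(name):
    """Accept an FQDN of at most 253 characters, with or without a trailing dot."""
    name = name.rstrip(".") if isinstance(name, str) else ""
    return 0 < len(name) <= 253 and all(LABEL.fullmatch(p) for p in name.split("."))


def check_alert(raw_body):
    """Return (ok, reason) for one alert body POSTed by the template."""
    try:
        alert = json.loads(raw_body)
    except (TypeError, ValueError):
        return False, "body is not valid JSON"
    if not isinstance(alert, dict) or set(alert) != REQUIRED:
        return False, "unexpected field set"
    if not isinstance(alert["target"], str):
        return False, "target is not a string"
    try:
        target = ipaddress.ip_address(alert["target"])
    except ValueError:
        return False, "target is not an IP address"
    if target.is_loopback or target.is_unspecified or target.is_multicast:
        return False, "target is not a host address"
    if any(target in net for net in NEVER_BLOCK):
        return False, "target is on the never-block list"
    if not valid_fqdn(alert["url"]):
        return False, "url is not a well-formed FQDN"
    return True, "ok"


if __name__ == "__main__":
    print(check_alert(SAMPLE))
```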
Re: Outbound API - Proofpoint Threat Response DNS Firewall alert integration
05-05-2017 10:16 AM
Hi Nicolas - thank you very much for sharing.
Check out our new Tech docs website for latest documentation on Infoblox products.