Active hosts report

Techie
Posts: 9

Good day folks

 

I have a few /24 server subnets with static hosts assigned to each IP address in that subnet. Some subnets have now reached capacity and I know there are hosts that the server team no longer use that can be reclaimed and used again for new servers. None of the IPs in these subnets are given out via Infoblox DHCP.

 

My question is, how do I pull an automated, weekly/monthly report that tells me which hosts in that particular subnet are still active? By active I mean that the hosts respond to a ping or TCP SYN or similar polling mechanism.

 

Thanks.

Marcel

 

 

Re: Active hosts report

Superuser
Posts: 81

Hello Marcel,

 

If you have a Network Insight server added to your Infoblox infrastructure (ND appliance) & if you’re indexing data for ib_discovery, then this simple search should meet your use-case as I understand it:

 

index=ib_discovery source="ib:discovery:ipaddr_activity" 10.129.32. | search IN_USE_FLAG=1 | sort -_time | dedup IPADDR | eval LATEST_STATUS=case(IN_USE_FLAG == "1", "USED", IN_USE_FLAG == "0", "UNUSED") | table _time IPADDR LATEST_STATUS | sort IPADDR

 

Replace the green network ID with yours & you could schedule an hourly/daily/weekly report. I recommend verifying the returned status during the initial stage, to confirm its reliability. We've observed some bugs in that area in the past. Hope that'll be helpful!

 

Best regards.
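
A variant of the search in the reply above, added here as an example and not part of the original post: instead of filtering on IN_USE_FLAG=1 first, it takes the most recent IN_USE_FLAG per address, so addresses whose latest record is unused are listed as well. It assumes the index also holds records with IN_USE_FLAG=0 and uses only the index, source and field names shown in the post; LAST_EVENT is a name introduced for this example.

```spl
index=ib_discovery source="ib:discovery:ipaddr_activity" 10.129.32.
| stats latest(IN_USE_FLAG) AS IN_USE_FLAG latest(_time) AS LAST_EVENT BY IPADDR
| eval LATEST_STATUS=case(tostring(IN_USE_FLAG) == "1", "USED", tostring(IN_USE_FLAG) == "0", "UNUSED", true(), "UNKNOWN")
| eval LAST_EVENT=strftime(LAST_EVENT, "%Y-%m-%d %H:%M:%S")
| table IPADDR LATEST_STATUS LAST_EVENT
| sort IPADDR
```

Addresses in the subnet that never appear in the index return no row at all, so compare the output against the full address list before treating an address as reclaimable.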

 

Re: Active hosts report

Techie
Posts: 9

Thanks for the reply, Mohammed. Unfortunately we do not have a Network Insight server in our setup. Is there not something similar I can run against the report server? Thanks.
