On demand DHCP lease history search from SIEM

[ Edited ]
Posts: 45
1440     2

I have met with a lot of SOC managers recently, some of them using investigation tools like IBM Resilient, and they had this request:


I would like to be able to search IP and/or MAC and/or hostname in a given period from our investigation tools without having to open Infoblox UI.


Here is how to do that, only by issuing REST API calls:



- Infoblox Reporting & Analytics module

- Grid Reporting Properties > General > DHCP Lease history is enabled

- An infoblox administrator account with Grid Reporting Properties Read Only permission, that has already successfully connected through GUI, and tested that DHCP Lease history report is actually showing data


Postman configuration to test it:


0) Postman Environment variables:

logincall: /services/auth/login/

savedsearches: /services/saved/searches

search: /services/search/jobs/

RS: https://<Your-REPORTING-Member-IP>:9185



0) Import the attached file: Infoblox-Reporting-WAPI-DHCP-lease-history.postman_collection.json in Postman


1) Authenticate and generate token

- Open 1- Get Token

- Change username and password in body

- Send

a sessionkey must be returned, if not make sure that GUI works and that the report works with this user





2) Create the search

- Open 2- Save search

- Send




3) Actually perform your search!

- Open 3- Saved Search Synchronous

- change

     + args.lease_time.earliest

     + args.lease_time.latest

     + dispatch.earliest_time

     + dispatch.latest_time

with your search interval epochtime

args.lease_ip_str and/or args.host_name_str and/or args.mac_duid_str with the IP, hostname, MAC address your are searching

- Send

- a SID must be returned




4) Get your search results

- Open 4 - get job output JSON

- Send

- And voila:




Check out our new Tech docs website at for latest documentation on Infoblox products.
Showing results for 
Search instead for 
Do you mean 

Recommended for You