Authenticate to API and Pull Recent Blox One Security Events
08-16-2023 07:11 AM
I'm looking for an example curl command or a pointer to a document with examples that will help us develop an API integration to:
1) Authenticate to the API, then
2) Pull Blox One security events for the last hour or so.
I believe the path to retrieve events is something like /api/dnsdata/v2/dns_event but the API docs do not list parameters with this and the only thing I can find on authentication is basic auth, again with no details around tokens or what I should capture from the response to use in future calls.
In CSP > Reports > Security Activity I was able to download a csv with events like this one. I need to come up with some means to pull this thru automation:
07-25-2023 01:50:18 pm UTC High phishing.eicar.network. Phishing Generic phishing.eicar.network MVP Policy Redirect 10.138.224.5 156.36.42.23-B1TD_UAT (DFP) 2600:1f18:1043:dc00:8083:68e:ef0f:46de
Re: Authenticate to API and Pull Recent Blox One Security Events
08-23-2023 04:54 AM - edited 08-23-2023 04:57 AM
To perform API calls, you will need an API token. Create a service account (Administration / User Access / Users) and give it the groups required to perform the functions you want to perform. Then create a token based on that user (Administration / User Access / Service API Keys).
This token will only be displayed once, and cannot be retrieved again later. So be sure to copy/paste carefully and store it somewhere safe.
Now you can use that API token with your API calls.
For the call you are performing, you want to send the start and end time for your results. For example, using Unix curl, this will give you a specific hour (insert your own token, of course...):
curl -k -H "Authorization: Token abcde****12345" \
  -X GET 'https://csp.infoblox.com/api/dnsdata/v2/dns_event?t0=1692786140&t1=1692789740'
You might want to pipe it through a json tool, to make the response easier to read:
curl -k -H "Authorization: Token abcde****12345" \
  -X GET 'https://csp.infoblox.com/api/dnsdata/v2/dns_event?t0=1692786140&t1=1692789740' \
  | python -m json.tool
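An added example, not part of the original reply and not Infoblox's own code, that automates the call above for a rolling window: it computes t0 and t1 for the last hour, reads the token from an environment variable so it stays out of the script and the process list, and leaves TLS certificate verification on (no -k). The names B1_API_TOKEN and B1_BASE_URL, the function names and the script name pull_events.sh are assumptions made for this example.

```bash
#!/bin/sh
# Added example. Assumed names: B1_API_TOKEN, B1_BASE_URL, and the functions below.

# True if $1 is a non-empty string of digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print the dns_event URL for a window ending at $1 (epoch seconds)
# and covering the previous $2 seconds (default 3600 = one hour).
dns_event_url() {
  _end="$1"; _span="${2:-3600}"
  if ! is_uint "$_end" || ! is_uint "$_span"; then
    echo "dns_event_url: end time and span must be whole seconds" >&2
    return 2
  fi
  printf '%s/api/dnsdata/v2/dns_event?t0=%s&t1=%s\n' \
    "${B1_BASE_URL:-https://csp.infoblox.com}" "$(( $_end - $_span ))" "$_end"
}

# Fetch events for the last $1 seconds and write the JSON response to stdout.
fetch_recent_events() {
  if [ -z "${B1_API_TOKEN:-}" ]; then
    echo "fetch_recent_events: export B1_API_TOKEN first" >&2
    return 1
  fi
  _url="$(dns_event_url "$(date +%s)" "${1:-3600}")" || return 2
  # The header is passed through a config read from stdin, so the token
  # never appears on the curl command line. No -k: the certificate is verified.
  curl --fail --silent --show-error --config - "$_url" <<EOF
header = "Authorization: Token ${B1_API_TOKEN}"
EOF
}

# Invoke as: ./pull_events.sh run [seconds]
if [ "${1:-}" = "run" ]; then
  fetch_recent_events "${2:-3600}"
fi
```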