API Examples

Authenticate to API and Pull Recent Blox One Security Events

New Member

I'm looking for an example curl command or a pointer to a document with examples that will help us develop an API integration to:

 

1) Authenticate to the API, then

2) Pull Blox One security events for the last hour or so. 

 

I believe the path to retrieve events is something like /api/dnsdata/v2/dns_event but the API docs do not list parameters with this and the only thing I can find on authentication is basic auth, again with no details around tokens or what I should capture from the response to use in future calls.

 

In CSP > Reports > Security Activity I was able to download a CSV with events like this one. I need to come up with some means to pull this through automation:

 

07-25-2023 01:50:18 pm UTC High phishing.eicar.network. Phishing Generic phishing.eicar.network MVP Policy Redirect 10.138.224.5 156.36.42.23-B1TD_UAT (DFP) 2600:1f18:1043:dc00:8083:68e:ef0f:46de

Re: Authenticate to API and Pull Recent Blox One Security Events

Moderator

To perform API calls, you will need an API token. Create a service account (Administration / User Access / Users) and give it the groups required to perform the functions you want to perform. Then create a token based on that user (Administration / User Access / Service API Keys).

This token will only be displayed once, and cannot be retrieved again later.  So be sure to copy/paste carefully and store it somewhere safe.

 

Now you can use that API token with your API calls.

 

For the call you are performing, you want to send the start and end time for your results. For example, using Unix curl, this will give you a specific hour (insert your own token, of course...):

 

curl -k -H "Authorization: Token abcde****12345" \
-X GET 'https://csp.infoblox.com/api/dnsdata/v2/dns_event?t0=1692786140&t1=1692789740'

 

You might want to pipe it through a json tool, to make the response easier to read:

 

curl -k -H "Authorization: Token abcde****12345" \
-X GET 'https://csp.infoblox.com/api/dnsdata/v2/dns_event?t0=1692786140&t1=1692789740' \
| python -m json.tool
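
An added example, not part of the reply above or of Infoblox's own documentation: a shell wrapper that computes the `t0`/`t1` window for the last hour instead of hard-coding it, passes the token to curl on stdin so it stays out of the process list, and omits `-k` so the server certificate is verified. The `B1_API_TOKEN` variable and the `b1_*` function names are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example. B1_API_TOKEN and the b1_* function names are assumptions,
# not names defined by the API.

B1_EVENT_ENDPOINT='https://csp.infoblox.com/api/dnsdata/v2/dns_event'

# Build the dns_event URL for a window of $1 seconds (default 3600)
# ending at epoch time $2 (default: now).
b1_event_url() {
  local seconds="${1:-3600}"
  local end="${2:-$(date +%s)}"
  local v
  for v in "$seconds" "$end"; do
    case "$v" in
      *[!0-9]*) echo "window and end time must be whole seconds" >&2; return 1 ;;
    esac
  done
  echo "${B1_EVENT_ENDPOINT}?t0=$((end - seconds))&t1=${end}"
}

# Fetch the events for that window as JSON on stdout.
b1_pull_events() {
  local url
  if [ -z "${B1_API_TOKEN:-}" ]; then
    echo "B1_API_TOKEN is not set" >&2
    return 2
  fi
  url="$(b1_event_url "$@")" || return 1
  # The Authorization header reaches curl as a config line on stdin, so the
  # token never appears in curl's argv (and therefore not in ps output).
  # There is no -k: the server certificate is verified.
  printf 'header = "Authorization: Token %s"\n' "$B1_API_TOKEN" |
    curl --config - --silent --show-error --fail --max-time 30 "$url"
}

# Usage (token already exported from a secret store):
#   bash b1_events.sh run | python -m json.tool
if [ "${1:-}" = "run" ]; then
  b1_pull_events
fi
```

Because the service account's token is shown only once and carries that account's group permissions, load it into the environment from a secret store at run time instead of writing it into the script or a crontab line.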