Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

API Examples

Reply

Authenticate to API and Pull Recent Blox One Security Events
charlesheadlee
New Member
Posts: 1

‎08-16-2023 07:11 AM

3558     0

I'm looking for an example curl command or a pointer to a document with examples that will help us develop an API integration to:

 

1) Authenticate to the API, then

2) Pull Blox One security events for the last hour or so. 

 

I believe the path to retrieve events is something like /api/dnsdata/v2/dns_event but the API docs do not list parameters with this and the only thing I can find on authentication is basic auth, again with no details around tokens or what I should capture from the response to use in future calls.

 

In CSP > Reports > Security Activity I was able to download a csv with events like this one.  I need to come up with some means to pull this thru automation:

 

07-25-2023 01:50:18 pm UTC High phishing.eicar.network. Phishing Generic phishing.eicar.network MVP Policy Redirect 10.138.224.5 156.36.42.23-B1TD_UAT (DFP) 2600:1f18:1043:dc00:8083:68e:ef0f:46de

Labels:
Reply
0 Kudos

Re: Authenticate to API and Pull Recent Blox One Security Events

[ Edited ]
MattR
Moderator
Moderator
Posts: 289

‎08-23-2023 04:54 AM - edited ‎08-23-2023 04:57 AM

3559     0

To perform API calls, you will ned an API token.  Create a service account (Administration / User Access / Users) and give it the groups required to perform the functions you want to perform.   Then create a token based on that user (Administration / User Access / Service API Keys).

This token will only be displayed once, and cannot be retrieved again later.  So be sure to copy/paste carefully and store it somewhere safe.

 

Now you can use that API token with your API calls.

 

For the call you are performing, you want to send the start and end time for your results.  for example using unix curl, this will give you a specific hour:  (insert your own token of course...)

 

curl -k -H "Authorization: Token abcde****12345" \
-X GET 'https://csp.infoblox.com/api/dnsdata/v2/dns_event?t0=1692786140&t1=1692789740'

 

You might want to pipe it through a json tool, to make the response easier to read:

 

curl -k -H "Authorization: Token abcde****12345" \
-X GET 'https://csp.infoblox.com/api/dnsdata/v2/dns_event?t0=1692786140&t1=1692789740' \
| python -m json.tool
Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements

Infoblox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community