
API Examples


How to go about...

Guru

I'm trying to determine the most efficient manner to try to get the last discovered date from every object that is in a specific subnet.

I'd input a subnet and it would iterate through the entire subnet and spit out the last discovered date for each object it finds, if any.

 

Any assistance or pointers would be appreciated.

Re: How to go about...

Moderator

You can search for ipaddress results within the network, and it will return a list of all IP Address pseudo-objects. The pseudo-object also contains the discovery information for that IP address, including last-discovered time.

 

Here's the quick and dirty way to examine the results, using curl:

curl -k1 -u admin:infoblox -X GET 'https://gm.example.com/wapi/v2.11/ipv4address' -d 'network=192.168.1.0/24' -d '_return_fields%2b=discovered_data'

 

And that gives lots of results like this:

    {
        "_ref": "ipv4address/Li5pcHY0X2FkZHJlc3MkMTAuOS4xNi4xNzMvMA:192.168.1.173", 
        "discovered_data": {
            "discoverer": "Network Insight", 
            "first_discovered": 1517726797, 
            "last_discovered": 1695909064, 
            "mac_address": "18:c0:4d:12:34:56", 
            "network_component_description": "Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1)  Technical Support: http://www.cisco.com/techsupport  Copyright (c) 1986-2011 by Cisco Systems, Inc.  Compiled Thu 21-Jul-11 01:44 by prod_rel_team", 
            "network_component_ip": "192.168.1.27", 
            "network_component_model": "catalyst356048PS", 
            "network_component_name": "cisco.example.com", 
            "network_component_port_description": "FastEthernet0/48", 
            "network_component_port_name": "Fa0/48", 
            "network_component_port_number": 52, 
            "network_component_type": "Switch", 
            "network_component_vendor": "Cisco", 
            "port_duplex": "Full", 
            "port_link_status": "Connected", 
            "port_speed": "100M", 
            "port_status": "Up", 
            "port_type": "ethernet-csmacd", 
            "port_vlan_name": "default", 
            "port_vlan_number": 1
        }, 
        "ip_address": "192.168.1.173", 
        "is_conflict": true, 
        "lease_state": "FREE", 
        "mac_address": "", 
        "names": [
            "dhcp-192.168.1-173.example.com"
        ], 
        "network": "192.168.1.0/24", 
        "network_view": "default", 
        "objects": [], 
        "status": "USED", 
        "types": [
            "BULKHOST", 
            "RESERVED_RANGE"
        ], 
        "usage": [
            "DNS"
        ]
    }, 




But that's not very readable, so here's a Python example to do the same and display in a more human-readable way:

 

import logging
import sys
from datetime import datetime, timezone

import urllib3
from infoblox_client import connector, exceptions

logger = logging.getLogger(__name__)

# The connector does not verify the grid's certificate by default; this only
# silences the resulting warning. Set 'ssl_verify' in the options to verify it.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

search_net = "192.168.1.0/24"
date_format = '%Y-%m-%d %H:%M:%S'
try:

    conn = connector.Connector({
        'host': 'gm.example.com',
        'username': 'admin',
        'password': 'infoblox',
        'wapi_version': '2.11'
    })

    print("Searching for IPs in %s" % search_net)

    # Ask for the default fields plus the discovery data of every address
    results = conn.get_object(
        'ipv4address', {
            "network": search_net
        },
        return_fields = [
            'default',
            'discovered_data'
        ]
    )

    if results:

        print("found %s IP addresses" % len(results))

        for result in results:

            # Addresses that were never discovered carry no timestamp
            timestamp = result.get('discovered_data', {}).get('last_discovered')
            if timestamp is not None:
                # last_discovered is epoch seconds; display it as UTC
                timestr = datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime(date_format)

                print("IP address %s last discovered %s" % (result['ip_address'], timestr))

except exceptions.InfobloxBadWAPICredential as e:
    logger.error(e)
    sys.exit(255)
except exceptions.InfobloxConfigException as e:
    logger.error(e)
    sys.exit(255)

Here's the script output:

Searching for IPs in 192.168.1.0/24
found 256 IP addresses
IP address 192.168.1.12 last discovered 2023-09-28 09:36:42
IP address 192.168.1.108 last discovered 2023-09-28 14:51:11
IP address 192.168.1.111 last discovered 2023-09-28 14:51:11
IP address 192.168.1.115 last discovered 2023-09-28 14:51:11
IP address 192.168.1.137 last discovered 2023-09-28 15:51:16
IP address 192.168.1.141 last discovered 2023-09-28 15:51:16
IP address 192.168.1.147 last discovered 2023-09-28 15:51:16
IP address 192.168.1.173 last discovered 2023-09-28 13:51:04
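
Added example, not part of the moderator's post or Infoblox's own code: it takes results shaped like the `ipv4address` response above and goes one step beyond printing dates, sorting `USED` addresses into stale, never discovered, and conflicting. The function names, the 30-day threshold and the sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like the ipv4address results above (not real data).
SAMPLE = json.loads("""[
 {"ip_address": "192.168.1.12", "status": "USED", "is_conflict": false,
  "discovered_data": {"last_discovered": 1517726797}},
 {"ip_address": "192.168.1.173", "status": "USED", "is_conflict": true,
  "discovered_data": {"last_discovered": 1695909064}},
 {"ip_address": "192.168.1.200", "status": "USED", "is_conflict": false,
  "discovered_data": {"first_discovered": 1517726797}},
 {"ip_address": "192.168.1.201", "status": "UNUSED", "is_conflict": false}
]""")


def last_seen(records):
    """Map ip -> aware UTC datetime, or None when no sighting is recorded."""
    out = {}
    for rec in records:
        ts = (rec.get("discovered_data") or {}).get("last_discovered")
        out[rec["ip_address"]] = (
            datetime.fromtimestamp(ts, tz=timezone.utc) if ts is not None else None
        )
    return out


def triage(records, now, max_age_days=30):
    """Sort addresses into review buckets (hypothetical helper)."""
    seen = last_seen(records)
    report = {"stale": [], "never_seen": [], "conflict": []}
    for rec in records:
        ip = rec["ip_address"]
        if rec.get("is_conflict"):
            report["conflict"].append(ip)
        if rec.get("status") != "USED":
            continue  # unused addresses are not expected to be discovered
        if seen[ip] is None:
            report["never_seen"].append(ip)
        elif (now - seen[ip]).days > max_age_days:
            report["stale"].append(ip)
    return report


if __name__ == "__main__":
    print(triage(SAMPLE, datetime.now(timezone.utc)))
```
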

 

Re: How to go about...

Guru

Wow, that's exactly what I was looking for!
