Searching for record 'Audit History' information like timestamp, action, message via WAPI

New Member
Posts: 2

Hi Infoblox,

 

I am using Ruby (httparty gem) to communicate with Infoblox WAPI. Trying to get a list of all hosts in specific VLAN and would like to get 'Audit History' info.

 

Please help...

 

Thanks

Re: Searching for record 'Audit History' information like timestamp, action, message via WAPI

Moderator
Posts: 306

The Audit details are available in the Audit Log, which is a separate file. It is available through WAPI, but you would need to pull that file and search through it separately. It's a three-part operation. First we generate and get a link to the downloadable file. This example downloads it, but you would want to ingest it in your script instead:

 

curl -k1 -u admin:infoblox -X POST \
'https://192.168.1.2/wapi/v2.6/fileop?_function=get_log_files' \
-H "Content-Type: application/json" \
-d '{"member": "gm.example.org","node_type": "ACTIVE","log_type": "AUDITLOG"}'

This is what the response looks like:

{  "token": "eJylUEFuwyAQ...",
    "url": "https://192.168.1.2/http_direct_file_io/req_id-DOWNLOAD-5095/auditLog.tar.gz" }

Downloading the file:

curl -k1 -u admin:infoblox -H "Content-type:application/force-download" -O \
 'https://192.168.1.2/http_direct_file_io/req_id-DOWNLOAD-5095/auditLog.tar.gz'
 
And then close the file using the token from the first query:

curl -k1 -u admin:infoblox -X POST 'https://192.168.1.2/wapi/v2.6/fileop?_function=downloadcomplete' \
-H "Content-Type: application/json" -d '{ "token": "eJylUEFuwyAQ..."}'

Discovery data is available for IP addresses; the data is stored on the host IP address sub-objects (not the host object).

For example:

curl -k -u admin:infoblox -X GET 'https://192.168.1.2/wapi/v2.3/record:host_ipv4addr' -d 'ipv4addr=192.168.1.201&_return_fields%2b=discovered_data'

Here’s the response:
 
[
    {
        "_ref": "record:host_ipv4addr/ZG5zLmhvc3RfYWRkcmVzcyQuX2RlZmF1bHQubmV0d29yay5yaWNoYXJkLnByaW50ZXIuMTAuOS4xNi41Lg:192.168.1.201/printer.example.org/Internal",
        "configure_for_dhcp": false,
        "discovered_data": {
            "device_type": "Printer",
            "device_vendor": "HP",
            "discovered_name": "NPI1A2B3C",
            "discoverer": "Network Insight",
            "first_discovered": 1475162675,
            "last_discovered": 1506910079,
            "mac_address": "00:0e:7f:1a:2b:3c",
            "mgmt_ip_address": "192.168.1.201",
            "netbios_name": "NPI1A2B3C      ",
            "open_ports": "TCP:21,23,80,443,515,9100 UDP:",
            "os": "29.20",
            "port_speed": "Unknown"
        },
        "host": "printer.example.org",
        "ipv4addr": "192.168.1.201"
    }
]
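
The three-step audit log download from the reply above, sketched in Ruby since the question mentions Ruby. This is an added example, not code from the thread: the function names, the `transport` hook and the same-host check are assumptions of the example, and unlike the `curl -k` commands it leaves TLS certificate verification on.

```ruby
require "json"
require "net/http"
require "uri"

# Sends one authenticated request and returns the response body.
# Net::HTTP verifies the server certificate by default (unlike curl -k).
def wapi_request(uri, user, pass, headers: {}, json: nil)
  req = json ? Net::HTTP::Post.new(uri) : Net::HTTP::Get.new(uri)
  req.basic_auth(user, pass)
  headers.each { |name, value| req[name] = value }
  req.body = JSON.generate(json) if json
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |http| http.request(req) }
  raise "HTTP #{res.code} from #{uri.path}" unless res.is_a?(Net::HTTPSuccess)
  res.body
end

# Runs the three steps and returns the raw auditLog.tar.gz bytes.
# `transport` is a hook added for this example so the flow can be exercised offline.
def fetch_audit_log(base, member, user, pass, transport: method(:wapi_request))
  fileop = lambda do |function, payload|
    transport.call(URI("#{base}/fileop?_function=#{function}"), user, pass,
                   headers: { "Content-Type" => "application/json" }, json: payload)
  end

  # Step 1: ask the grid to stage the log; the reply carries a token and a URL.
  info = JSON.parse(fileop.call("get_log_files",
                                { member: member, node_type: "ACTIVE", log_type: "AUDITLOG" }))
  url = URI(info.fetch("url"))
  begin
    # Precaution of this example: only send credentials back to the host we queried.
    raise "download URL host #{url.host} differs from WAPI host" unless url.host == URI(base).host
    # Step 2: download the archive.
    transport.call(url, user, pass, headers: { "Content-type" => "application/force-download" })
  ensure
    # Step 3: always release the staged file, even if the download failed.
    fileop.call("downloadcomplete", { token: info.fetch("token") })
  end
end
```

Called as `fetch_audit_log("https://192.168.1.2/wapi/v2.6", "gm.example.org", user, pass)`, it returns the archive bytes, which the script can unpack and search for the timestamp, admin and action fields.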

Re: Searching for record 'Audit History' information like timestamp, action, message via WAPI

New Member
Posts: 2

Thanks for your response, Richard. I really appreciate it.

What I am looking for is Audit History, where I can get info from:

Timestamp;

Action;

Object type;

Object Name;

Admin name;

Message

 

Is that possible via WAPI?

 


Re: Searching for record 'Audit History' information like timestamp, action, message via WAPI

Moderator
Posts: 306

Sorry, no, the audit history is not available for individual objects. It's only available as a file you can download.

Re: Searching for record 'Audit History' information like timestamp, action, message via WAPI

New Member
Posts: 1

Hey Richard, can we filter the logs based on timestamp (like the last 1 day) while generating the audit file using the API?
