THE GAME HAS CHANGED

Introducing Infoblox Universal DDI ManagementTM

Watch the launch to discover the new era of management for critical network services. Watch Now

API & Integration, DevOps,NetOps,SecOps

Reply

phantom infoblox block domain tweak

Techie
Posts: 2
2178     0

I found the following customization of the block domain action for infoblox in phantom useful.  The block domain action allows you to add an entry to the selected rp_zone.  The cusomization appends the timestamp and "added by phantom playbook" to the comment field so you can easily see when blacklist entries can be aged out, if needed.

    phantom.debug('block_domain_1() called')  

    parameters = []

    start_time = datetime.datetime.now().strftime("%m-%d-%y")

    name_value=phantom.collect(container, "artifact:*.cef.destinationDnsDomain")[0]['cef']['destinationDnsDomain']

    parameters.append({

        'domain': name_value,

        'rp_zone': "blacklist",

        'network_view': "Internal",

        'comment': start_time + " block from Phantom Playbook ",

    })

    phantom.act("block domain", parameters=parameters, app={ "name": 'Infoblox DDI' }, callback=format_create_ticket, name="block_domain_1")

 

Unbolded code shuold be the default for block domain action.
HTH

Showing results for 
Search instead for 
Did you mean: 

Recommended for You