Are you interested in our Early Access Program (EAP)? This program allows you to preview code, test in your lab and provide feedback prior to General Availability (GA) release of all Infoblox products. If so, please click the link here.

API & Integration, DevOps,NetOps,SecOps


phantom infoblox block domain tweak

Posts: 2
1596     0

I found the following customization of the block domain action for infoblox in phantom useful.  The block domain action allows you to add an entry to the selected rp_zone.  The cusomization appends the timestamp and "added by phantom playbook" to the comment field so you can easily see when blacklist entries can be aged out, if needed.

    phantom.debug('block_domain_1() called')  

    parameters = []

    start_time ="%m-%d-%y")

    name_value=phantom.collect(container, "artifact:*.cef.destinationDnsDomain")[0]['cef']['destinationDnsDomain']


        'domain': name_value,

        'rp_zone': "blacklist",

        'network_view': "Internal",

        'comment': start_time + " block from Phantom Playbook ",


    phantom.act("block domain", parameters=parameters, app={ "name": 'Infoblox DDI' }, callback=format_create_ticket, name="block_domain_1")


Unbolded code shuold be the default for block domain action.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You