Are you interested in our Early Access Program (EAP)? This program allows you to preview code, test in your lab and provide feedback prior to General Availability (GA) release of all Infoblox products. If so, please click the link here.

API & Integration, DevOps,NetOps,SecOps

Reply

phantom infoblox block domain tweak
pmeyerson
Techie
Posts: 2

‎06-20-2019 08:36 AM

1596     0

I found the following customization of the block domain action for infoblox in phantom useful.  The block domain action allows you to add an entry to the selected rp_zone.  The cusomization appends the timestamp and "added by phantom playbook" to the comment field so you can easily see when blacklist entries can be aged out, if needed.

    phantom.debug('block_domain_1() called')  

    parameters = []

    start_time = datetime.datetime.now().strftime("%m-%d-%y")

    name_value=phantom.collect(container, "artifact:*.cef.destinationDnsDomain")[0]['cef']['destinationDnsDomain']

    parameters.append({

        'domain': name_value,

        'rp_zone': "blacklist",

        'network_view': "Internal",

        'comment': start_time + " block from Phantom Playbook ",

    })

    phantom.act("block domain", parameters=parameters, app={ "name": 'Infoblox DDI' }, callback=format_create_ticket, name="block_domain_1")

 

Unbolded code shuold be the default for block domain action.
HTH

Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements

Infoblox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community