

Pulling "Query Monitoring" records via API

Superuser
Posts: 17

Hello everyone!

 

Our InfoBlox admins recently enabled "Query Monitoring" on our InfoBlox appliances, which results in "Not Monitored", "Not Queried since" and "Last Queried Timestamps" data to be visible in the "Data Management - DNS - Query Monitoring" pane of the InfoBlox GUI.

 

How do I pull this report and/or report on this data via WAPI? Maybe I'm overlooking something, but I don't see an API call for "Query Monitoring" in the WAPI docs.

 

Thank you!

 

  GM

Re: Pulling "Query Monitoring" records via API

[ Edited ]
Superuser
Posts: 81

Hello,

 

The last_queried field will have that info within the zone_auth API. I just put this in a report format like this using the Python code below:

 

+-------------------+-----------+---------------------+
| FQDN              | Monitored | Last Queried        |
+-------------------+-----------+---------------------+
| 10.115.107.224/27 | Yes       | 2022-10-24 04:38:30 |
| newstart.com      | Yes       | 2022-10-24 04:00:47 |
| tesla.com         | No        | -                   |
+-------------------+-----------+---------------------+

'''
Script to get monitoring statistics of all zones
'''

import datetime
import json
from os import system

import requests
import urllib3
from prettytable import PrettyTable


def clear():
    # Clear the terminal (POSIX 'clear' command)
    _ = system('clear')


# verify=False is used below, so silence the resulting TLS warning
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

url_main = 'https://192.168.29.110/wapi/v2.10/'
grid_auth = ("admin", "infoblox")

clear()
# Request every authoritative zone with its fqdn and last_queried fields
response_data = json.loads(requests.get(url=url_main + 'zone_auth?_return_fields=fqdn,last_queried', verify=False, auth=grid_auth).content)
print(response_data)
clear()
results_q = PrettyTable(['FQDN', 'Monitored', 'Last Queried'])
for resp_val in response_data:
    # Defaults for a zone that returns no last_queried value
    monitored = "No"
    last_queried_date_time = "-"
    fqdn = resp_val.get('fqdn')
    if "last_queried" in resp_val:
        # last_queried is an epoch timestamp; convert it to a local date/time
        timestamp = resp_val.get('last_queried')
        monitored = "Yes"
        last_queried_date_time = datetime.datetime.fromtimestamp(timestamp)
    results_q.add_row([fqdn, monitored, last_queried_date_time])

print(results_q)

Best regards,

Re: Pulling "Query Monitoring" records via API

Superuser
Posts: 17

Thank you for your reply.

 

Unfortunately I'm looking to get this data (or search this data for that matter) for individual records and not just on zones.

 

The reason is that we suspect we have a lot of stale DNS records that we'd like to clean up. So getting a list of records that haven't been queried in a certain amount of time will help us in our cleanup efforts.

Re: Pulling "Query Monitoring" records via API

[ Edited ]
Superuser
Posts: 81

Hello,

 

Are you interested in pulling that info for a specific type of DNS entry (such as A, AAAA, CNAMEs etc.)? The reason I'm asking is, we do have an API to pull ALL DNS records (on a per-zone basis), but that API doesn't support the field "last_queried" & is only available for individual record type pulls (such as record:a, record:aaaa etc.) according to the schema. If you're not sure, I can write a Python script that will just make calls for all types of records (individually per type) -> create a table similar to my last post with record name, type & last_queried (if the field exists within the call responses).

 

Best regards,

Re: Pulling "Query Monitoring" records via API

Superuser
Posts: 17

Actually - at this point in time - I'm trying to pull that information for *every* record type, or at least the record types that support the last_queried field. I was hoping there was a way to do that in one fell swoop (i.e. give me everything that hasn't been queried in xxx amount of time). Traversing over each and every zone and then over each and every record type within that zone seems highly inefficient?

 

How is that GUI (Data Management - DNS - Query Monitoring) pulling that information?

 

Thanks for all your help so far!

Re: Pulling "Query Monitoring" records via API

[ Edited ]
Superuser
Posts: 81

Hello,

 

I see your point & that makes sense. It could have been a lot easier if the "allrecords" API supported that field. But as far as I can see in the schema, allrecords (the API meant to pull ALL records per zone) doesn't support the field "last_queried" like in the case of individual record type pulls (record:a, record:cname etc.). I would let any other community experts reply to this if there's another API call that would pull all DNS records + include the "last_queried" field in the data pulled.

In case you don't get a response from anyone else & if this is critical, I'd recommend working with Infoblox Technical Support to confirm if there's such an API & they can easily verify that for you. Just in case you'd like a script to iterate over all zones for all records (individual record types) & just extract the "last_queried" field, please let me know.

 

Best regards,
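
Added example (not part of the original thread and not Infoblox code): a sketch of the per-record-type approach discussed above, pulling name and last_queried for each type and splitting the results into "stale" and "no-data". Assumptions: the requests library, a base URL of the form used earlier in the thread, no paging, a 90-day threshold, the hypothetical helper names below, and that a record returned without last_queried has no monitoring data (as the zone script above treats it) rather than being proven unused.

```python
import datetime

UTC = datetime.timezone.utc
# Record types named in the thread; extend after checking your WAPI schema.
RECORD_TYPES = ["record:a", "record:aaaa", "record:cname"]

def fetch_records(base_url, auth, record_type, ca_bundle=True):
    """One WAPI call per record type, asking only for name and last_queried."""
    import requests  # local import: the triage logic below needs no network
    resp = requests.get(base_url + record_type,
                        params={"_return_fields": "name,last_queried"},
                        auth=auth, verify=ca_bundle, timeout=30)
    resp.raise_for_status()
    return resp.json()

def collect(base_url, auth):
    return {t: fetch_records(base_url, auth, t) for t in RECORD_TYPES}

def triage(records_by_type, max_age_days, now):
    """Split records into 'stale' (last query older than the cutoff) and
    'no-data' (no last_queried field, so monitoring gave no evidence)."""
    cutoff = now - datetime.timedelta(days=max_age_days)
    report = {"stale": [], "no-data": []}
    for rtype, records in records_by_type.items():
        for rec in records:
            ts = rec.get("last_queried")
            if ts is None:
                report["no-data"].append((rec["name"], rtype))
                continue
            seen = datetime.datetime.fromtimestamp(ts, tz=UTC)
            if seen < cutoff:
                report["stale"].append((rec["name"], rtype, (now - seen).days))
    report["stale"].sort(key=lambda r: -r[2])  # oldest last query first
    return report

def sample_report():
    """Run triage over constructed records (not real Grid data)."""
    now = datetime.datetime(2022, 10, 24, 12, 0, tzinfo=UTC)
    ago = lambda days: int((now - datetime.timedelta(days=days)).timestamp())
    constructed = {
        "record:a": [{"name": "app1.newstart.com", "last_queried": ago(1)},
                     {"name": "old-vpn.newstart.com", "last_queried": ago(200)},
                     {"name": "lab7.newstart.com"}],
        "record:cname": [{"name": "www-legacy.newstart.com", "last_queried": ago(95)}],
    }
    return triage(constructed, max_age_days=90, now=now)

if __name__ == "__main__":
    print(sample_report())
```

Against a live Grid, pass the result of collect() to triage() with the current UTC time; records in the "no-data" list need monitoring coverage confirmed before they are treated as cleanup candidates.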

 

Re: Pulling "Query Monitoring" records via API

Superuser
Posts: 17

Thanks Mohammed .. your feedback is greatly appreciated.

 

I will leave this thread open for the time being to see if anyone else has any input. In parallel, I'll explore other options as well and maybe even see if I can get a support ticket opened.

 

Thanks again!

 

   GM
