Are you interested in our Early Access Program (EAP)? This program allows you to preview code, test in your lab and provide feedback prior to General Availability (GA) release of all Infoblox products. If so, please click the link here.

BloxOne Threat Defense and Threat Intelligence

Reply

API access to Blacklist

Techie
Posts: 4
2666     1

It is some years since I looked at this and I know that back then one could not use the API to manage the DNS black list.

 

Has this changed?

 

 

Re: API access to Blacklist

[ Edited ]
Techie
Posts: 15
2666     1

Hi rful011,

 

I'm not sure if you're speaking of NIOS or BloxOne Threat Defense, but there are ways to access these lists on both platforms via the API.

 

For NIOS please see the 'Response Policy Zones' header (page 38) in this document: https://www.infoblox.com/wp-content/uploads/infoblox-deployment-infoblox-rest-api.pdf

 

For BloxOne Threat Defense see the BloxOne Swagger, specifically 'BloxOne Threat Defense Cloud' -> 'named_lists' and 'named_list_items': https://csp.infoblox.com/apidoc?url=https%3A%2F%2Fcsp.infoblox.com%2Fapidoc%2Fdocs%2FAtcfw#/named_li...

 

Thank you,

David

Re: API access to Blacklist

Techie
Posts: 4
2666     1

Thanks for the response David

 

Ah! I should have been more expicit!  I should have said "without paying for a feed" .

 

We are not subscribed to either of the threat feeds.  We already have multiple threat feeds, what I want tp do is maintain the blacklist myself from them.

Re: API access to Blacklist

Techie
Posts: 1
2666     1

Hey, have you figured out if this changed or not

Re: API access to Blacklist

Techie
Posts: 4
2666     1

Not definitely, but I interpret the silence as "yes you have to pay"

Re: API access to Blacklist

Superuser
Posts: 115
2666     1

You can purchase just the RPZ license, reach out to your account team

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

https://sifbaksh.com

Re: API access to Blacklist

Techie
Posts: 4
2667     1
Thanks for a definite answer!

Last time we looked it was prohibitively expensive given that we are doing this now on the firewall.

It would be more convenient to do it on the DNS servers.

Will check again.

R

Re: API access to Blacklist

Superuser
Posts: 115
2667     1

Here is a link to do it via API CSV import

https://github.com/seefor/infoblox-random-scripts/tree/main/csv_to_rpz_import

 

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

https://sifbaksh.com

Re: API access to Blacklist

Superuser
Posts: 17
2667     1

I'll elaborate a little on what Sif posted. Blacklist (free of charge) is very basic, and can only be managed via CSV import. RPZ (DNS Firewall) is the much better supported product that relies on a feed, and the policies can be manipulated from WAPI.

 

However, you can create CSV files using whatever program/script you want, and use WAPI CSV function to upload and import it (that's what Sif posted). It's not as clean as RPZ, but it achieves the goal of automating the management of your blacklist rules without paying.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You