Hi rful011,

I'm not sure if you're speaking of NIOS or BloxOne Threat Defense, but there are ways to access these lists on both platforms via the API.

For NIOS please see the 'Response Policy Zones' header (page 38) in this document: https://www.infoblox.com/wp-content/uploads/infoblox-deployment-infoblox-rest-api.pdf

For BloxOne Threat Defense see the BloxOne Swagger, specifically 'BloxOne Threat Defense Cloud' -> 'named_lists' and 'named_list_items': https://csp.infoblox.com/apidoc?url=https%3A%2F%2Fcsp.infoblox.com%2Fapidoc%2Fdocs%2FAtcfw#/named_li...

Thank you,

David

Thanks for the response David

Ah! I should have been more expicit!  I should have said "without paying for a feed" .

We are not subscribed to either of the threat feeds.  We already have multiple threat feeds, what I want tp do is maintain the blacklist myself from them.

Hey, have you figured out if this changed or not

Not definitely, but I interpret the silence as "yes you have to pay"

Here is a link to do it via API CSV import

https://github.com/seefor/infoblox-random-scripts/tree/main/csv_to_rpz_import

I'll elaborate a little on what Sif posted. Blacklist (free of charge) is very basic, and can only be managed via CSV import. RPZ (DNS Firewall) is the much better supported product that relies on a feed, and the policies can be manipulated from WAPI.

However, you can create CSV files using whatever program/script you want, and use WAPI CSV function to upload and import it (that's what Sif posted). It's not as clean as RPZ, but it achieves the goal of automating the management of your blacklist rules without paying.