- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
API access to Blacklist
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-21-2021 12:56 PM
It is some years since I looked at this and I know that back then one could not use the API to manage the DNS black list.
Has this changed?
Solved! Go to Solution.
Re: API access to Blacklist
[ Edited ]- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2021 09:10 AM - edited 09-27-2021 09:10 AM
Hi rful011,
I'm not sure if you're speaking of NIOS or BloxOne Threat Defense, but there are ways to access these lists on both platforms via the API.
For NIOS please see the 'Response Policy Zones' header (page 38) in this document: https://www.infoblox.com/wp-content/uploads/infoblox-deployment-infoblox-rest-api.pdf
For BloxOne Threat Defense see the BloxOne Swagger, specifically 'BloxOne Threat Defense Cloud' -> 'named_lists' and 'named_list_items': https://csp.infoblox.com/apidoc?url=https%3A%2F%2Fcsp.infoblox.com%2Fapidoc%2Fdocs%2FAtcfw#/named_li...
Thank you,
David
Re: API access to Blacklist
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2021 11:45 AM
Thanks for the response David
Ah! I should have been more expicit! I should have said "without paying for a feed" .
We are not subscribed to either of the threat feeds. We already have multiple threat feeds, what I want tp do is maintain the blacklist myself from them.
Re: API access to Blacklist
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-05-2021 08:48 AM
Hey, have you figured out if this changed or not
Re: API access to Blacklist
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-05-2021 10:29 AM
Not definitely, but I interpret the silence as "yes you have to pay"
Re: API access to Blacklist
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-05-2021 11:33 AM
You can purchase just the RPZ license, reach out to your account team
Twitter: https://twitter.com/sifbaksh
https://sifbaksh.com
Re: API access to Blacklist
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-05-2021 11:45 AM
Last time we looked it was prohibitively expensive given that we are doing this now on the firewall.
It would be more convenient to do it on the DNS servers.
Will check again.
R
Re: API access to Blacklist
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-05-2021 11:54 AM
Here is a link to do it via API CSV import
https://github.com/seefor/infoblox-random-scripts/tree/main/csv_to_rpz_import
Twitter: https://twitter.com/sifbaksh
https://sifbaksh.com
Re: API access to Blacklist
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2022 09:58 AM
I'll elaborate a little on what Sif posted. Blacklist (free of charge) is very basic, and can only be managed via CSV import. RPZ (DNS Firewall) is the much better supported product that relies on a feed, and the policies can be manipulated from WAPI.
However, you can create CSV files using whatever program/script you want, and use WAPI CSV function to upload and import it (that's what Sif posted). It's not as clean as RPZ, but it achieves the goal of automating the management of your blacklist rules without paying.