Re: INFOBLOX & RAPID 7 NEXPOSE/INSIGHTVM INTEGRATION UPDATE 12/13/18
Yup I can help answer that! it's really simple I promise but may be hard to explain over text so bear with me until the end!
every event produces a different E: namespace even though many are similar such as Host events and Fixed events.
things like Lease events have different fields inside the E: namespace.
if you go here (which is our admin guide for NIOS):
and under the "event variables" section you will see all the variables that are populated based on the event that occurs.
Table 45.13 Shows the data that is populated when Lease events occur. in this case we are getting the ip.extattrs being Enriched from IPv4 Address and IPv6 Address. Which just means that if there is anything on that IP it will enrich the lease event.
do note that the “p.extattrs” that you see in Table 45.13 is actually “ip.extattrs”... it's a typo
when you look at table 45.21, which is the table for fixed events variables, you will see that ip.extattrs doesn’t exist but rather “extattrs” exists.
This is because we are not enriching the variables from another source but directly from that object.
Hope this helps,