Re: DNS/DHCP Monitoring with API
[ Edited ]
Superuser
Posts: 81

Hello There,

It is possible. But you'd need scripted logic for this. A summary of the logic is:

1) First you need to prepare a list of all Grid node references. References are just strings with which you can get to specific details about a node. The call for that would be:

https://<Grid_Master_IP>/wapi/v2.10.1/member

2) From the output of the first call, you need the value of "host_name" & "_ref" for all the items that you see in the list. With the hostname, you can identify the different grid nodes (i.e., server names).

3) Now, depending on the servers that you're interested in, you could use the "_ref" value for each node to get the service status from all the nodes. That call would be:

https://<Grid_Master_IP>/wapi/v2.10.1/member/b25lLnZpcnR1YWxfbm9kZSQw:infoblox.localdomain/memberservicestatus/nodeinfo?_return_fields=service_status

What you need to note in the call above is that "member/b25lLnZpcnR1YWxfbm9kZSQw:infoblox.localdomain" has to be the "value" of the "_ref" keys of all grid nodes that you get from call #1.

4) If you just take a look at the response of the second API call, you will understand what you need to do further with it. A sample output of call #2 would be:

{
    "_ref": "member/b25lLnZpcnR1YWxfbm9kZSQw:infoblox.localdomain",
    "service_status": [
        {
            "description": "DHCP Service is inactive",
            "service": "DHCP",
            "status": "INACTIVE"
        },
        {
            "description": "DNS Service is working",
            "service": "DNS",
            "status": "WORKING"
        },
        {
            "description": "NTP Service is inactive",
            "service": "NTP",
            "status": "INACTIVE"
        },
        {
            "description": "Hard Disk: 0% - TFTP Service is inactive",
            "service": "TFTP",
            "status": "INACTIVE"
        },
        {
            "description": "Hard Disk: 0% - HTTP File Dist Service is inactive",
            "service": "HTTP_FILE_DIST",
            "status": "INACTIVE"
        },
        {
            "description": "Hard Disk: 0% - FTP Service is inactive",
            "service": "FTP",
            "status": "INACTIVE"
        },
        {
            "description": "CPU: 100%, Memory: 0%, Hard Disk: 0%",
            "service": "BLOXTOOLS",
            "status": "INACTIVE"
        },
        {
            "description": "Captive Portal Service is inactive",
            "service": "CAPTIVE_PORTAL",
            "status": "INACTIVE"
        },
        {
            "service": "HSM",
            "status": "UNKNOWN"
        },
        {
            "description": "Subscriber Collection Service is inactive",
            "service": "IMC",
            "status": "INACTIVE"
        },
        {
            "description": "TAXII Service is inactive",
            "service": "TAXII",
            "status": "INACTIVE"
        }
    ]
}                                     

If you'd like to have a robust script including all that logic, please let me know.

Best regards,
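
The four steps above as one script, added here as an example and not the poster's or Infoblox's own code. The URL shapes and WAPI version are copied from the post; the host names, the `AAAA` reference and the sample responses are constructed, and treating every non-WORKING status as reportable is an assumption.

```python
import base64, json, ssl, urllib.request
from urllib.parse import quote

API = "https://{gm}/wapi/v2.10.1/"  # WAPI version as used in the post

def wapi_get(url, user, password):
    """GET one WAPI URL with basic auth; the default context verifies the TLS cert."""
    req = urllib.request.Request(url)
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + cred)
    with urllib.request.urlopen(req, timeout=10,
                                context=ssl.create_default_context()) as r:
        return json.load(r)

def service_report(gm, fetch, watch=("DNS", "DHCP")):
    """Calls #1 and #2 from the post; returns {host_name: {service: status}}.
    fetch maps a URL to parsed JSON, e.g. lambda u: wapi_get(u, user, password)."""
    base = API.format(gm=gm)
    report = {}
    for member in fetch(base + "member"):
        # _ref comes out of a response, so quote it before placing it in a URL
        ref = quote(member["_ref"], safe="/:")
        info = fetch(base + ref +
                     "/memberservicestatus/nodeinfo?_return_fields=service_status")
        report[member["host_name"]] = {
            s["service"]: s.get("status", "UNKNOWN")
            for s in info.get("service_status", []) if s["service"] in watch}
    return report

def not_working(report):
    """Assumption: any watched service not reporting WORKING is worth a look."""
    return sorted((h, svc, st) for h, svcs in report.items()
                  for svc, st in svcs.items() if st != "WORKING")

# Constructed sample responses (shape follows the post's sample output).
SAMPLE = {
    "member": [{"_ref": "member/AAAA:ns1.example.test", "host_name": "ns1.example.test"}],
    "member/AAAA:ns1.example.test": {"service_status": [
        {"service": "DHCP", "status": "INACTIVE"},
        {"service": "DNS", "status": "WORKING"},
        {"service": "HSM", "status": "UNKNOWN"}]},
}

def sample_fetch(url):
    """Offline stand-in for wapi_get, keyed on the path after the WAPI version."""
    path = url.split("/wapi/v2.10.1/", 1)[1].split("/memberservicestatus", 1)[0]
    return SAMPLE[path]

if __name__ == "__main__":  # offline run on the constructed sample
    print(not_working(service_report("gm.example.test", sample_fetch)))
```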

 
