Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Tufin

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
INFOBLOX & TUFIN INTEGRATION TEMPLATES, DEPLOYMENT GUIDE, SOLUTION NOTE & DEMO VIDEO
[ Edited ]
Moderator
Posts: 84
Registered: ‎06-21-2017
Moderator
Moderator
Posts: 69

Hello,

 

The combined power of Infoblox and Tufin working together helps empower actionable insight into the entire infrastructure, discovering security risks quicker and more accurately and investigating and ranking security policies, all while improving on the organization’s security and compliance.

 

Infoblox provides Tufin with resources such as networks and potential threats and, in exchange, Tufin gets improved management on networks and security risks, including the ability to create policies and keep companies within compliance with the data received through Infoblox. The integration with Infoblox and Tufin allows faster policy management and more insight into the entire network.

 

Tufin offers Infoblox networks improved management on the Infoblox DDI and keeps Infoblox within the compliance with policies set by the organization through Tufin. Tufin can add networks to any network view inside Infoblox, allowing further control of the network structure and policies from a single hub on Tufin.

 

Don’t forget to check out the Video for deploying and using the Tufin integration:

 

 

The templates require extensible attributes described in the table below. It is recommended to inherit attributes with the default values from the network view level.

 

Extensible Attributes

Description

Type

Tufin_Last_Incident

Contains the last date and time when an asset had an incident sent from Infoblox

String

Tufin_Send_Incident

 

Defines if an asset should send an incident if RPZ, ADP or DNS Tunneling events occur

List

(true, false)

Tufin_Sync

 

Defines if a network should be synced with Tufin.

List

(true, false)

Tufin_SyncTime

 

Contains date/time when the network was synchronized.

String

Tufin_Zone

 

Defines a List of possible Tufin zones to push networks from Infoblox.

List

(Tufin Zone)

Tufin_Sync_Zones

 

Defines a List of possible Tufin zones to be synced to an Infoblox Network View.

List

(Tufin Zones)

 

In the attached documents you will find the templates for the Tufin integration in txt format. The templates are provided “as-is” and should be tested in your lab environment and modified as needed before implementing them into production. Here you will find the link to the deployment guide for the Tufin integrations: https://www.infoblox.com/resources/deployment-guides/integration-with-tufin

 

Here is the Solution Note: https://www.infoblox.com/resources/solution-notes/simplifying-the-management-network-security-zone-p...

Re: INFOBLOX & TUFIN INTEGRATION TEMPLATES, DEPLOYMENT GUIDE, SOLUTION NOTE & DEMO VIDEO
[ Edited ]
New Member
Posts: 3
Registered: ‎03-03-2017
New Member
Posts: 3

Hi

we have implemented your templates and using the Network_Sync template for updating zones configured in Infoblox to Tufin. But we will run into an error if we add a new network. Those messages we got in the debug log:

 

(DEBUG): Executing step Check_If_Modify (1)
(DEBUG): Found a/an AND condition step!
(DEBUG): Evaluating statement: MODIFY == MODIFY
(DEBUG): Evaluating statement: != Tufin-Zone-A
(DEBUG): The condition matched!
(DEBUG): Executing the eval block
(DEBUG): An error has occurred while processing a template
(DEBUG): Variable E: previous_values sub-addressing cannot be executed successfully, please verify the indexes / keys passed are correct (last key tried: "<a complex substitution inner selector>" in "<a complex variable>")

 

Do you have an idea, what's going wrong?

 

Thanks

Jens

Re: INFOBLOX & TUFIN INTEGRATION TEMPLATES, DEPLOYMENT GUIDE, SOLUTION NOTE & DEMO VIDEO
Adviser
Posts: 171
Registered: ‎09-09-2015
Adviser
Posts: 81

Based on the logs looks like you are trying to modify a network.

(DEBUG): Evaluating statement: MODIFY == MODIFY

Is it a newor existing network on the IPAM side?

Re: INFOBLOX & TUFIN INTEGRATION TEMPLATES, DEPLOYMENT GUIDE, SOLUTION NOTE & DEMO VIDEO
Moderator
Posts: 84
Registered: ‎06-21-2017
Moderator
Moderator
Posts: 69

Hello Gottel,

 

looks like you have some strange variable inside your Extensible attribute would you mind sharing your variables you have for:

Tufin_Zone
 
and also share the debug log for what you have in the L namespace.
 
you can do it with this step:
{
"name": "Debug",
"comment": "DebugOnStart",
"operation": "NOP",
"body": "${XCSmiley Very HappyEBUG:{L:}}"
},
 
I believe there may be somthing wrong with the "Previous value" that is causing this issue however I can't be certain unless I see it.
Re: INFOBLOX & TUFIN INTEGRATION TEMPLATES, DEPLOYMENT GUIDE, SOLUTION NOTE & DEMO VIDEO
New Member
Posts: 3
Registered: ‎03-03-2017
New Member
Posts: 3

The network is an existing one.

Re: INFOBLOX & TUFIN INTEGRATION TEMPLATES, DEPLOYMENT GUIDE, SOLUTION NOTE & DEMO VIDEO
New Member
Posts: 3
Registered: ‎03-03-2017
New Member
Posts: 3

Hi all

I adapted the "tufin_Asset.txt" template:

        {
            "name": "Check_If_Modify",
            "operation": "CONDITION",
            "condition": {
                "condition_type": "AND",
                "statements": [
                    {
                        "left": "${E:A:operation_type}",
                        "op": "==",
                        "right": "MODIFY"
                    },
                    {
                        "left": "${E:A:previous_values{extattrs}{Tufin_Zone}{value}}",
                        "op": "!=",
                        "right": "${E:A:values{extattrs}{Tufin_Zone}{value}}"
                    },
                    {
                        "left": "${E:A:previous_values{extattrs}{Tufin_Zone}{value}}",
                        "op": "!=",
                        "right": ""
                    }
                ],
                "else_eval": "${XC:COPY:{L:Zone}:{E:values{extattrs}{Tufin_Zone}{value}}}${XC:COPY:{L:Zone}:{E:values{extattrs}{Tufin_Zone}{value}}}${XC:COPY:{L:Zone_2}:{E:values{extattrs}{Tufin_Zone}{value}}}${XC:COPY:{L:Zone_2}:{E:values{extattrs}{Tufin_Zone}{value}}}",
                "else_next": "Get_Zone_ID",
                "eval": "${XC:COPY:{L:Zone}:{E:previous_values{extattrs}{Tufin_Zone}{value}}}${XC:COPY:{L:Zone}:{E:previous_values{extattrs}{Tufin_Zone}{value}}}${XC:COPY:{L:Zone_2}:{E:values{extattrs}{Tufin_Zone}{value}}}${XC:COPY:{L:Zone_2}:{E:values{extattrs}{Tufin_Zone}{value}}}"
            }
        },

And the second adaption after the section "Check_If_Inserted_Event":

 		{
            "name": "Check_If_Modify_Inserted_Event",
            "comment": "Check_If_Modify_Inserted_Event",
            "operation": "CONDITION",
            "condition": {
                "condition_type": "AND",
                "statements": [
                    {
                        "left": "${E:A:operation_type}",
                        "op": "==",
                        "right": "MODIFY"
                    },
                    {
                        "left": "${E:A:previous_values{extattrs}{Tufin_Zone}{value}}",
                        "op": "!=",
                        "right": ""
                    }
                ],
                "next": "Check_If_IPv6_Skip_Check"
            }
        },

This allows me to sync the existing networks to Tufin, without any errors. Maybe you want to update your template after testing my solution.

 

Thanks
Jens

Showing results for 
Search instead for 
Did you mean: