{ "name": "DXL_Reservation_Event", "version": "3.0", "type": "DXL_EVENT", "event_type": [ "FIXED_ADDRESS_IPV4", "FIXED_ADDRESS_IPV6" ], "vendor_identifier": "McAfee", "quoting": "ASIS", "instance_variables": [ { "name": "DXL_MessageFormat", "type": "STRING" }, { "name": "OPERATION_TYPES", "type": "STRING", "value": "insert/modify/delete" } ], "steps": [ { "name": "Debug#0", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "set time vars", "operation": "NOP", "body_list": [ "${XC:COPY:{L:New_Time}:{E:timestamp}}${XC:FORMAT:TRUNCATE:{L:New_Time}:{16t}}" ] }, { "name": "Set Old_Time", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${E:A:values{extattrs}{DXL_LastEventSentAt}{value}}", "op": "==", "right": "" } ], "eval": "${XC:ASSIGN:{L:Old_Time}:{S:}}", "else_eval": "${XC:COPY:{L:Old_Time}:{E:values{extattrs}{DXL_LastEventSentAt}{value}}}}${XC:FORMAT:TRUNCATE:{L:Old_Time}:{16t}}" } }, { "name": "Debug#1", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "STOP if modified in the last second", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${L:A:New_Time}", "op": "==", "right": "${L:A:Old_Time}" } ], "stop": true } }, { "name": "Debug#2", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "STOP if sync not requested", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${E:A:values{extattrs}{DXL_Sync}{value}}", "op": "==", "right": "" }, { "left": "${E:A:values{extattrs}{DXL_Sync}{value}}", "op": "==", "right": "false" } ], "stop": true } }, { "name": "init_internal_data", "operation": "VARIABLEOP", "variable_ops": [ { "operation": "ASSIGN", "type": "DICTIONARY", "destination": "L:internal", "keys": [ "analyzer_ipv4", "analyzer_ipv6", "source_ipv4", "source_ipv6", "target_ipv4", "target_ipv6", "severity" ], "values": [ "", "", "", "", "", "", "7" ] } ] }, { "name": "check what operation types are allowed", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${I::OPERATION_TYPES}", "op": "!~", "right": "((?i).*${E::operation_type}.*)" } ], "next": "Fin" } }, { "name": "is_analyzer_source_FIXED_ipv4", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E::object_type}", "op": "==", "right": "FixedAddress" }, { "left": "${E::values{ipv4addr}}", "op": "!=", "right": "" } ], "condition_type": "AND", "eval": "${XC:COPY:{L:internal{analyzer_ipv4}}:{E:member_ip}}${XC:COPY:{L:internal{source_ipv4}}:{E:member_ip}}${XC:ASSIGN:{L:IPv}:{I:4}}", "else_eval": "${XC:COPY:{L:internal{analyzer_ipv6}}:{E:member_ip}}${XC:COPY:{L:internal{source_ipv6}}:{E:member_ip}}${XC:ASSIGN:{L:IPv}:{I:6}}" } }, { "name": "is_target_ipv4", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E::values{ipv4addr}}", "op": "!=", "right": "" } ], "condition_type": "AND", "eval": "${XC:COPY:{L:internal{target_ipv4}}:{E:values{ipv4addr}}}", "else_eval": "${XC:COPY:{L:internal{target_ipv6}}:{E:values{ipv6addr}}}" } }, { "name": "is_severity_7", "operation": "CONDITION", "condition": { "statements": [ { "left": "1", "op": "==", "right": "1" } ], "condition_type": "AND", "eval": "${XC:ASSIGN:{L:internal{severity}}:{I:7}}" } }, { "name": "check if reservation range or network to assign values", "operation": "CONDITION", "condition": { "statements": [ { "left": "${E::object_type}", "op": "==", "right": "FixedAddress" }, { "left": "${E::object_type}", "op": "==", "right": "IPv6FixedAddress" } ], "condition_type": "OR", "eval": "${XC:COPY:{L:ruleName}:{E:member_name}}${XC:FORMAT:TRUNCATE:{L:ruleName}:{-128f}}${XC:COPY:{L:threatName}:{E:values{_ref}}}${XC:FORMAT:TRUNCATE:{L:threatName}:{-128f}}${XC:COPY:{L:DetectedUTC}:{E:timestamp}}${XC:ASSIGN:{L:Obj_ref}:{S:}}${XC:ASSIGN:{L:network_view}:{S:default}}${XC:COPY:{L:Object_type}:{E:object_type}}${XC:ASSIGN:{L:threatActionTaken}:{S:Alert}}${XC:ASSIGN:{L:threatHandled}:{I:1}}${XC:COPY:{L:operation_type}:{E:operation_type}}" } }, { "name": "check GUID", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${E:A:values{extattrs}{ePO_GUID}{value}}", "op": "==", "right": "" } ], "eval": "${XC:COPY:{L:GUID}:{UT:UUID}}${XC:ASSIGN:{L:GUIDtype}:{S:generated}}", "else_eval": "${XC:COPY:{L:GUID}:{E:values{extattrs}{ePO_GUID}{value}}}${XC:ASSIGN:{L:GUIDtype}:{S:local}}" } }, { "name": "jump if have GUID or no WAPI credentials or is delete", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${L:A:GUIDtype}", "op": "==", "right": "local" }, { "left": "${UT:A:WAPIUSERNAME}", "op": "==", "right": "" }, { "left": "${E:A:operation_type}", "op": "==", "right": "DELETE" } ], "next": "Check if operation type was delete to avoid errors" } }, { "name": "Check if operation type was delete to avoid errors", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${E:A:operation_type}", "op": "==", "right": "DELETE" } ], "next": "check DXL_MessageFormat_Delete" } }, { "name": "set up address", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${E::values{ipv4addr}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:IP}:{E:values{ipv4addr}}}", "else_eval": "${XC:COPY:{L:IP}:{E:values{ipv6addr}}}" } }, { "name": "Get User Data", "operation": "GET", "transport": { "path": "networkuser?user_status=ACTIVE&address=${L:A:IP}" }, "wapi": "v2.6" }, { "name": "check_user_response", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:L:PARSE}", "op": "==", "right": "0" } ], "next": "check_username" } }, { "name": "Pop User from the list", "operation": "VARIABLEOP", "variable_ops": [ { "operation": "UNSHIFT", "type": "DICTIONARY", "destination": "L:user", "source": "P:PARSE" } ] }, { "name": "check_username", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${L::user{name}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:username}:{L:user{name}}}${XC:COPY:{L:domainname}:{L:user{domainname}}}", "else_eval": "${XC:ASSIGN:{L:username}:{S:.}}${XC:ASSIGN:{L:domainname}:{S:.}}" } }, { "name": "assign ipv4 or ipv6 ip to use for GET requests", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${E::values{ipv4addr}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:GetIP}:{E:values{ipv4addr}}}", "else_eval": "${XC:COPY:{L:GetIP}:{E:values{ipv6addr}}" } }, { "name": "check IPv6", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${L:A:IPv}", "op": "==", "right": "6" } ], "next": "Get IPv6Fixed _ref" } }, { "name": "Get IPv4Fixed _ref", "operation": "GET", "transport": { "path": "fixedaddress?ipv4addr=${L:U:GetIP}&network_view=${L:U:network_view}&_return_fields=extattrs" }, "wapi": "v2.7" }, { "operation": "CONDITION", "name": "wapi_response_getIPv4Fix_ref", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:PARSE[0]{_ref}}", "op": "!=", "right": "" } ], "next": "Get_Objref" } }, { "name": "Get HostIPv4 _ref", "operation": "GET", "transport": { "path": "record:host?ipv4addr=${L:U:GetIP}&network_view=${L:U:network_view}&_return_fields=extattrs" }, "wapi": "v2.7" }, { "operation": "CONDITION", "name": "wapi_response_getIPv4Host_ref", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:PARSE[0]{_ref}}", "op": "!=", "right": "" } ], "next": "Get_Objref" } }, { "name": "IPv4 object was not found", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "Check if Reservation ipv6" } }, { "name": "Get IPv6Fixed _ref", "operation": "GET", "transport": { "path": "ipv6fixedaddress?ipv6addr=${L:U:GetIP}&network_view=${L:U:network_view}&_return_fields=extattrs" }, "wapi": "v2.7" }, { "operation": "CONDITION", "name": "wapi_response_getIPv6Fix_ref", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:PARSE[0]{_ref}}", "op": "!=", "right": "" } ], "next": "Get_Objref" } }, { "name": "Get HostIPv6 _ref", "operation": "GET", "transport": { "path": "record:host?ipv6addr=${L:U:GetIP}&network_view=${L:U:network_view}&_return_fields=extattrs" }, "wapi": "v2.7" }, { "operation": "CONDITION", "name": "wapi_response_getIPv6Host_ref", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:PARSE[0]{_ref}}", "op": "!=", "right": "" } ], "next": "Get_Objref" } }, { "name": "Get_Objref", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P:A:PARSE[0]{_ref}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:Obj_ref}:{P:PARSE[0]{_ref}}}" } }, { "name": "jump if no Obj_ref", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "${L:A:Obj_ref}", "op": "==", "right": "" } ], "next": "Check if Reservation ipv6" } }, { "name": "Update GUID", "operation": "PUT", "transport": { "path": "${L:A:Obj_ref}" }, "wapi": "v2.7", "wapi_quoting": "JSON", "body_list": [ "{\"extattrs+\":{\"ePO_GUID\": { \"value\": \"${L:A:GUID}\"},\"DXL_LastEventSentAt\": { \"value\": \"${E:A:timestamp}\"}}}" ] }, { "name": "Check if Reservation ipv6", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${E::event_type}", "op": "==", "right": "FIXED_ADDRESS_IPV6" } ], "next": "GET Reservation IPv6 data" } }, { "name": "GET Reservation IPv4 data", "operation": "GET", "transport": { "path": "fixedaddress?ipv4addr=${E::values{ipv4addr}}&_return_fields=allow_telnet,agent_remote_id,name,agent_circuit_id,ddns_hostname,comment,ddns_domainname,always_update_dns,client_identifier_prepend_zero,deny_bootp,dhcp_client_identifier,disable,disable_discovery,discover_now_status,enable_ddns,enable_pxe_lease_time,extattrs,ignore_dhcp_option_list_request,ipv4addr,is_invalid_mac,logic_filter_rules,mac,match_client,ms_options,network,network_view,options,reserved_interface" }, "wapi": "v2.7" }, { "name": "Debug#35", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "set Reservation IPv4 data vars", "operation": "NOP", "body_list": [ "${XC:COPY:{L:allow_telnet}:{P:PARSE[0]{allow_telnet}}}", "${XC:COPY:{L:always_update_dns}:{P:PARSE[0]{always_update_dns}}}", "${XC:COPY:{L:deny_bootp}:{P:PARSE[0]{deny_bootp}}}", "${XC:COPY:{L:dhcp_client_identifier}:{P:PARSE[0]{dhcp_client_identifier}}}", "${XC:COPY:{L:disable}:{P:PARSE[0]{disable}}}", "${XC:COPY:{L:disable_discovery}:{P:PARSE[0]{disable_discovery}}}", "${XC:COPY:{L:discover_now_status}:{P:PARSE[0]{discover_now_status}}}", "${XC:COPY:{L:extattrs}:{P:PARSE[0]{extattrs}{ePO_GUID}{value}}}", "${XC:COPY:{L:enable_ddns}:{P:PARSE[0]{enable_ddns}}}", "${XC:COPY:{L:enable_pxe_lease_time}:{P:PARSE[0]{enable_pxe_lease_time}}}", "${XC:COPY:{L:ignore_dhcp_option_list_request}:{P:PARSE[0]{ignore_dhcp_option_list_request}}}", "${XC:COPY:{L:ipv4addr}:{P:PARSE[0]{ipv4addr}}}", "${XC:COPY:{L:is_invalid_mac}:{P:PARSE[0]{is_invalid_mac}}}", "${XC:COPY:{L:logic_filter_rules}:{P:PARSE[0]{logic_filter_rules}}}", "${XC:COPY:{L:mac}:{P:PARSE[0]{mac}}}", "${XC:COPY:{L:match_client}:{P:PARSE[0]{match_client}}}", "${XC:COPY:{L:ms_options}:{P:PARSE[0]{ms_options}}}", "${XC:COPY:{L:network}:{P:PARSE[0]{network}}}", "${XC:COPY:{L:network_view}:{P:PARSE[0]{network_view}}}", "${XC:COPY:{L:options}:{P:PARSE[0]{options}}}", "${XC:COPY:{L:reserved_interface}:{P:PARSE[0]{reserved_interface}}}", "${XC:ASSIGN:{L:address_type}:{S:}}", "${XC:ASSIGN:{L:duid}:{S:}}", "${XC:ASSIGN:{L:ipv6addr}:{S:}}", "${XC:ASSIGN:{L:ipv6prefix}:{S:}}", "${XC:ASSIGN:{L:preferred_lifetime}:{S:}}", "${XC:ASSIGN:{L:valid_lifetime}:{S:}}" ] }, { "name": "Check agent_circuit_id", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P::PARSE[0]{agent_circuit_id}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:agent_circuit_id}:{P:PARSE[0]{agent_circuit_id}}}", "else_eval": "${XC:ASSIGN:{L:agent_circuit_id}:{S:}}" } }, { "name": "Check agent_remote_id", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P::PARSE[0]{agent_remote_id}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:agent_remote_id}:{P:PARSE[0]{agent_remote_id}}}", "else_eval": "${XC:ASSIGN:{L:agent_remote_id}:{S:}}" } }, { "name": "Check name", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P::PARSE[0]{name}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:name}:{P:PARSE[0]{name}}}", "else_eval": "${XC:ASSIGN:{L:name}:{S:}}" } }, { "name": "Check ddns_hostname", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P::PARSE[0]{ddns_hostname}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:ddns_hostname}:{P:PARSE[0]{ddns_hostname}}}", "else_eval": "${XC:ASSIGN:{L:ddns_hostname}:{S:}}" } }, { "name": "Check ddns_domainname", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P::PARSE[0]{ddns_domainname}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:ddns_domainname}:{P:PARSE[0]{ddns_domainname}}}", "else_eval": "${XC:ASSIGN:{L:ddns_domainname}:{S:}}" } }, { "name": "Check comment", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P::PARSE[0]{comment}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:comment}:{P:PARSE[0]{comment}}}", "else_eval": "${XC:ASSIGN:{L:comment}:{S:}}" } }, { "name": "Debug#36", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "Skip to send Data to DXL#2", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "check DXL_MessageFormat" } }, { "name": "GET Reservation IPv6 data", "operation": "GET", "transport": { "path": "ipv6fixedaddress?ipv6addr=${E::values{ipv6addr}}&_return_fields=address_type,allow_telnet,comment,name,disable,disable_discovery,discover_now_status,domain_name_servers,duid,extattrs,ipv6addr,ipv6prefix,network,network_view,options,preferred_lifetime,reserved_interface,valid_lifetime" }, "wapi": "v2.7" }, { "name": "Debug#37", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "set Reservation IPv6 vars", "operation": "NOP", "body_list": [ "${XC:COPY:{L:address_type}:{P:PARSE[0]{address_type}}}", "${XC:COPY:{L:allow_telnet}:{P:PARSE[0]{allow_telnet}}}", "${XC:COPY:{L:disable}:{P:PARSE[0]{disable}}}", "${XC:COPY:{L:disable_discovery}:{P:PARSE[0]{disable_discovery}}}", "${XC:COPY:{L:discover_now_status}:{P:PARSE[0]{discover_now_status}}}", "${XC:COPY:{L:domain_name_servers}:{P:PARSE[0]{domain_name_servers}}}", "${XC:COPY:{L:duid}:{P:PARSE[0]{duid}}}", "${XC:COPY:{L:extattrs}:{P:PARSE[0]{extattrs}{ePO_GUID}{value}}}", "${XC:COPY:{L:ipv6addr}:{P:PARSE[0]{ipv6addr}}}", "${XC:COPY:{L:ipv6prefix}:{P:PARSE[0]{ipv6prefix}}}", "${XC:COPY:{L:network}:{P:PARSE[0]{network}}}", "${XC:COPY:{L:network_view}:{P:PARSE[0]{network_view}}}", "${XC:COPY:{L:options}:{P:PARSE[0]{options}}}", "${XC:COPY:{L:preferred_lifetime}:{P:PARSE[0]{preferred_lifetime}}}", "${XC:COPY:{L:reserved_interface}:{P:PARSE[0]{reserved_interface}}}", "${XC:COPY:{L:valid_lifetime}:{P:PARSE[0]{valid_lifetime}}}", "${XC:ASSIGN:{L:always_update_dns}:{S:}}", "${XC:ASSIGN:{L:deny_bootp}:{S:}}", "${XC:ASSIGN:{L:dhcp_client_identifier}:{S:}}", "${XC:ASSIGN:{L:enable_ddns}:{S:}}", "${XC:ASSIGN:{L:enable_pxe_lease_time}:{S:}}", "${XC:ASSIGN:{L:ignore_dhcp_option_list_request}:{S:}}", "${XC:ASSIGN:{L:ipv4addr}:{S:}}", "${XC:ASSIGN:{L:is_invalid_mac}:{S:}}", "${XC:ASSIGN:{L:logic_filter_rules}:{S:}}", "${XC:ASSIGN:{L:mac}:{S:}}", "${XC:ASSIGN:{L:match_client}:{S:}}", "${XC:ASSIGN:{L:agent_circuit_id}:{S:}}", "${XC:ASSIGN:{L:agent_remote_id}:{S:}}", "${XC:ASSIGN:{L:ddns_hostname}:{S:}}", "${XC:ASSIGN:{L:ddns_domainname}:{S:}}", "${XC:ASSIGN:{L:ms_options}:{S:}}" ] }, { "name": "Check name#2", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P::PARSE[0]{name}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:name}:{P:PARSE[0]{name}}}", "else_eval": "${XC:ASSIGN:{L:name}:{S:}}" } }, { "name": "Check comment#2", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${P::PARSE[0]{comment}}", "op": "!=", "right": "" } ], "eval": "${XC:COPY:{L:comment}:{P:PARSE[0]{comment}}}", "else_eval": "${XC:ASSIGN:{L:comment}:{S:}}" } }, { "name": "check DXL_MessageFormat", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${I::DXL_MessageFormat}", "op": "==", "right": "CEF" } ], "next": "send_CEF" } }, { "name": "Debug#38", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "send_OpenDXL", "operation": "DXL_SEND_EVENT", "body_list": [ "{", " \"eventMsgType\": \"Infoblox Change Event\",", " \"eventMsgVersion\": \"1.0\",", " \"event\": {", " \"category\": \"${E::event_type}\",", " \"eventDesc\": \"DNS ${E::event_type} ${E::operation_type} event\",", " \"eventType\": \"${E::operation_type}\",", " \"eventId\": \"204161\",", " \"analyzer\": {", " \"id\": \"S_INFBLX0802\",", " \"version\": \"8.2.1\",", " \"name\": \"NIOS\",", " \"detectionMethod\": \"NIOS\",", " \"hostName\": \"${E::member_name}\",", " \"detectedUTC\": \"${L::DetectedUTC}\",", " \"ipv4\": \"${L::internal{analyzer_ipv4}}\",", " \"ipv6\": \"${L::internal{analyzer_ipv6}}\"", " },", " \"entity\": {", " \"groupName\": \"\",", " \"osPlatform\": \"\",", " \"osType\": \"\",", " \"type\": \"\",", " \"sessionID\": \"\",", " \"allow_telnet\": \"${L::allow_telnet}\",", " \"disable\": \"${L::disable}\",", " \"always_update_dns\": \"${L::always_update_dns}\",", " \"deny_bootp\": \"${L::deny_bootp}\",", " \"dhcp_client_identifier\": \"${L::dhcp_client_identifier}\",", " \"enable_ddns\": \"${L::enable_ddns}\",", " \"enable_pxe_lease_time\": \"${L::enable_pxe_lease_time}\",", " \"ignore_dhcp_option_list_request\": \"${L::ignore_dhcp_option_list_request}\",", " \"ipv4addr\": \"${L::ipv4addr}\",", " \"is_invalid_mac\": \"${L::is_invalid_mac}\",", " \"mac\": \"${L::mac}\",", " \"match_client\": \"${L::match_client}\",", " \"disable_discovery\": \"${L::disable_discovery}\",", " \"network_view\": \"${L::network_view}\",", " \"address_type\": \"${L::address_type}\",", " \"discover_now_status\": \"${L::discover_now_status}\",", " \"duid\": \"${L::duid}\",", " \"username\": \"${L::username}\",", " \"domainname\": \"${L::domainname}\",", " \"ipv6addr\": \"${L::ipv6addr}\",", " \"ipv6prefix\": \"${L::ipv6prefix}\",", " \"network\": \"${L::network}\",", " \"preferred_lifetime\": \"${L::preferred_lifetime}\",", " \"reserved_interface\": \"${L::reserved_interface}\",", " \"valid_lifetime\": \"${L::valid_lifetime}\",", " \"agent_circuit_id\": \"${L::agent_circuit_id}\",", " \"agent_remote_id\": \"${L::agent_remote_id}\",", " \"name\": \"${L::name}\",", " \"ddns_hostname\": \"${L::ddns_hostname}\",", " \"ddns_domainname\": \"${L::ddns_domainname}\",", " \"comment\": \"${L::comment}\",", " \"extattr\":{", " \"Values\": \"${L::extattrs}\"", " }", " },", " \"extattr\":{", " \"ePO_GUID\": \"${L::extattrs}\"", " },", " \"source\": {", " \"ipv4\": \"${L::internal{source_ipv4}}\",", " \"ipv6\": \"${L::internal{source_ipv6}}\",", " \"port\": 00000", " }", " }", "}" ], "dxl_topic": "/open/DDI/v1/${E::event_type}/infoblox" }, { "name": "Debug#50", "operation": "NOP", "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{UT:}}${XC:DEBUG:{R:}}" }, { "name": "goFin", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "Fin" } }, { "name": "send_CEF", "operation": "DXL_SEND_EVENT", "body_list": [ "{\"DXLCommonEvent\":{", "\"category\": \"${E::event_type}\",", "\"eventDesc\": \"DNS ${E::event_type} ${E::operation_type} event\",", "\"eventType\": \"${E::operation_type}\",", "\"eventId\": \"204161\",", "\"AgentGUID\": \"${L::GUID}\",", "\"Analyzer\": \"${L::internal{analyzer_ipv4}}${L::internal{analyzer_ipv6}}\",", "\"AnalyzerDATVersion\": \"\",", "\"AnalyzerDetectionMethod\": \"${E::object_type}\",", "\"AnalyzerHostName\": \"${E::member_name}\",", "\"AnalyzerIPV4\": \"${L::internal{analyzer_ipv4}}\",", "\"AnalyzerIPV6\": \"${L::internal{analyzer_ipv6}}\",", "\"AnalyzerMAC\": \"\",", "\"AnalyzerName\": \"NIOS\",", "\"AnalyzerVersion\": \"8.2.1\",", "\"DetectedUTC\": \"${L::DetectedUTC}\",", "\"ServerID\": \"${L::internal{analyzer_ipv4}}${L::internal{analyzer_ipv6}}\",", "\"SourceIPV4\": \"${L::internal{source_ipv4}}\",", "\"SourceIPV6\": \"${L::internal{source_ipv6}}\",", "\"SourcePort\": \"00000\",", "\"TargetHostName\": \"${E::member_name}\",", "\"TargetIPV4\": \"${L::internal{analyzer_ipv4}}\",", "\"TargetIPV6\": \"${L::internal{analyzer_ipv6}}\",", "\"TargetPort\": \"53\",", "\"TargetProtocol\": \"dns\",", "\"allow_telnet\": \"${L::allow_telnet}\",", "\"disable\": \"${L::disable}\",", "\"always_update_dns\": \"${L::always_update_dns}\",", "\"deny_bootp\": \"${L::deny_bootp}\",", "\"dhcp_client_identifier\": \"${L::dhcp_client_identifier}\",", "\"enable_ddns\": \"${L::enable_ddns}\",", "\"enable_pxe_lease_time\": \"${L::enable_pxe_lease_time}\",", "\"ignore_dhcp_option_list_request\": \"${L::ignore_dhcp_option_list_request}\",", "\"ipv4addr\": \"${L::ipv4addr}\",", "\"is_invalid_mac\": \"${L::is_invalid_mac}\",", "\"mac\": \"${L::mac}\",", "\"username\": \"${L::username}\",", "\"domainname\": \"${L::domainname}\",", "\"match_client\": \"${L::match_client}\",", "\"disable_discovery\": \"${L::disable_discovery}\",", "\"network_view\": \"${L::network_view}\",", "\"address_type\": \"${L::address_type}\",", "\"discover_now_status\": \"${L::discover_now_status}\",", "\"duid\": \"${L::duid}\",", "\"ipv6addr\": \"${L::ipv6addr}\",", "\"ePO_GUID\": \"${L::extattrs}\"", "\"ipv6prefix\": \"${L::ipv6prefix}\",", "\"network\": \"${L::network}\",", "\"preferred_lifetime\": \"${L::preferred_lifetime}\",", "\"reserved_interface\": \"${L::reserved_interface}\",", "\"agent_circuit_id\": \"${L::agent_circuit_id}\",", "\"agent_remote_id\": \"${L::agent_remote_id}\",", "\"name\": \"${L::name}\",", "\"ddns_hostname\": \"${L::ddns_hostname}\",", "\"ddns_domainname\": \"${L::ddns_domainname}\",", "\"comment\": \"${L::comment}\",", "\"valid_lifetime\": \"${L::valid_lifetime}\"", "}}" ], "dxl_topic": "/infoblox/outbound/${E::event_type}" }, { "name": "goFin#2", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "Fin" } }, { "name": "check DXL_MessageFormat_Delete", "operation": "CONDITION", "condition": { "condition_type": "AND", "statements": [ { "left": "${I::DXL_MessageFormat}", "op": "==", "right": "CEF" } ], "next": "send_CEF_Delete" } }, { "name": "send_OpenDXL_Delete", "operation": "DXL_SEND_EVENT", "body_list": [ "{", " \"eventMsgType\": \"Infoblox Change Event\",", " \"eventMsgVersion\": \"1.0\",", " \"event\": {", " \"category\": \"${E::event_type}\",", " \"eventDesc\": \"DNS ${E::event_type} ${E::operation_type} event\",", " \"eventType\": \"${E::operation_type}\",", " \"eventId\": \"204161\",", " \"analyzer\": {", " \"id\": \"S_INFBLX0802\",", " \"version\": \"8.2.1\",", " \"name\": \"NIOS\",", " \"detectionMethod\": \"NIOS\",", " \"hostName\": \"${E::member_name}\",", " \"detectedUTC\": \"${L::DetectedUTC}\",", " \"ipv4\": \"${L::internal{analyzer_ipv4}}\",", " \"ipv6\": \"${L::internal{analyzer_ipv6}}\"", " },", " \"source\": {", " \"ipv4\": \"${L::internal{source_ipv4}}\",", " \"ipv6\": \"${L::internal{source_ipv6}}\",", " \"port\": 00000", " }", " }", "}" ], "dxl_topic": "/open/DDI/v1/${E::event_type}/infoblox" }, { "name": "goFin#3", "operation": "CONDITION", "condition": { "condition_type": "OR", "statements": [ { "left": "1", "op": "==", "right": "1" } ], "next": "Fin" } }, { "name": "send_CEF_Delete", "operation": "DXL_SEND_EVENT", "body_list": [ "{\"DXLCommonEvent\":{", "\"category\": \"${E::event_type}\",", "\"eventDesc\": \"DNS ${E::event_type} ${E::operation_type} event\",", "\"eventType\": \"${E::operation_type}\",", "\"eventId\": \"204161\",", "\"AgentGUID\": \"${L::GUID}\",", "\"Analyzer\": \"${L::internal{analyzer_ipv4}}${L::internal{analyzer_ipv6}}\",", "\"AnalyzerDATVersion\": \"\",", "\"AnalyzerDetectionMethod\": \"${E::object_type}\",", "\"AnalyzerHostName\": \"${E::member_name}\",", "\"AnalyzerIPV4\": \"${L::internal{analyzer_ipv4}}\",", "\"AnalyzerIPV6\": \"${L::internal{analyzer_ipv6}}\",", "\"AnalyzerMAC\": \"\",", "\"AnalyzerName\": \"NIOS\",", "\"AnalyzerVersion\": \"8.2.1\",", "\"DetectedUTC\": \"${L::DetectedUTC}\",", "\"ServerID\": \"${L::internal{analyzer_ipv4}}${L::internal{analyzer_ipv6}}\",", "\"SourceIPV4\": \"${L::internal{source_ipv4}}\",", "\"SourceIPV6\": \"${L::internal{source_ipv6}}\",", "\"SourcePort\": \"00000\",", "\"TargetHostName\": \"${E::member_name}\",", "\"TargetIPV4\": \"${L::internal{analyzer_ipv4}}\",", "\"TargetIPV6\": \"${L::internal{analyzer_ipv6}}\",", "\"TargetPort\": \"53\",", "\"TargetProtocol\": \"dns\"", "}}" ], "dxl_topic": "/infoblox/outbound/${E::event_type}" }, { "name": "Fin", "operation": "NOP", "body": "" } ] }