Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

API & Integration, DevOps,NetOps,SecOps

Reply

How to delete a record from an RPZ using the API?

New Member
Posts: 3
3830     1

What is the API call to delete a record from an RPZ?

 

I figured that I can delete a record from an RPZ with:

DELETE /wapi/v2.10/record:rpz:cname/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LnRocmVhdHFycHouY29tLmJhZGd1eS50ZXN0NA.badguy.com/default/?_return_as_object=1

However, I can't figure out how to obtain the refname (the hash value in the middle) for the object.

 

The refnames that are returned from a GET call to /wapi/v2.10/zone_rp are different from the refnames needed for the deletion of the objects. Any suggestions how to obtain the refnames for all objects in a PRZ?

 

 

Thanks,

Valentin

Re: How to delete a record from an RPZ using the API?

Adviser
Posts: 181
3830     1

Hi,

 

Depending on the kind of RPZ record you are querying, you can do a GET against that like below:

 

In the case of Block Domain Name (No Such Domain) Rule:

curl -k -u admin:infoblox -X GET "https://grid-master/wapi/v2.11/record:rpz:cname?_return_as_object=1"

Sample result:

{
    "result": [
        {
            "_ref": "record:rpz:cname/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmxvY2FsLnJwei5jb20uZ29vZHNpdGU:goodsite.com.rpz.local/default",
            "canonical": "goodsite.com",
            "name": "goodsite.com.rpz.local",
            "view": "default"
        },
        {
            "_ref": "record:rpz:cname/ZG5zLmJpbmRfY25hbWUkLl9kZWZhdWx0LmxvY2FsLnJwei5jb20uYmFkc2l0ZQ:badsite.com.rpz.local/default",
            "canonical": "",
            "name": "badsite.com.rpz.local",
            "view": "default"
        }
    ]
}

You can use the field from _ref for the DELETE query

Hope that is helpful,

Krishna

Re: How to delete a record from an RPZ using the API?

New Member
Posts: 3
3831     1

Thanks! This worked like a charm.

 

I see the error I had. I was getting the objects using the /wapi/v2.10/allrpzrecords endpoint instead of getting the records from the specific zone I have which should use the /wapi/v2.10/record:rpz:cname endpoint. Looks like the _ref values from both endpoints are different.

 

 

Valentin

Showing results for 
Search instead for 
Did you mean: 

Recommended for You