09-21-2021 12:56 PM
09-27-2021 09:10 AM - edited 09-27-2021 09:10 AM
I'm not sure if you're speaking of NIOS or BloxOne Threat Defense, but there are ways to access these lists on both platforms via the API.
For NIOS please see the 'Response Policy Zones' header (page 38) in this document: https://www.infoblox.com/wp-content/uploads/infoblox-deployment-infoblox-rest-api.pdf
For BloxOne Threat Defense see the BloxOne Swagger, specifically 'BloxOne Threat Defense Cloud' -> 'named_lists' and 'named_list_items': https://csp.infoblox.com/apidoc?url=https%3A%2F%2Fcsp.infoblox.com%2Fapidoc%2Fdocs%2FAtcfw#/named_li...
09-27-2021 11:45 AM
Thanks for the response David
Ah! I should have been more expicit! I should have said "without paying for a feed" .
We are not subscribed to either of the threat feeds. We already have multiple threat feeds, what I want tp do is maintain the blacklist myself from them.
11-05-2021 11:33 AM
11-05-2021 11:45 AM
Last time we looked it was prohibitively expensive given that we are doing this now on the firewall.
It would be more convenient to do it on the DNS servers.
Will check again.
11-05-2021 11:54 AM
Here is a link to do it via API CSV import
02-21-2022 09:58 AM
I'll elaborate a little on what Sif posted. Blacklist (free of charge) is very basic, and can only be managed via CSV import. RPZ (DNS Firewall) is the much better supported product that relies on a feed, and the policies can be manipulated from WAPI.
However, you can create CSV files using whatever program/script you want, and use WAPI CSV function to upload and import it (that's what Sif posted). It's not as clean as RPZ, but it achieves the goal of automating the management of your blacklist rules without paying.