Infoblox BloxOne Threat Defense
The Infoblox BloxOne Threat Defense connector integrates with Swimlane Turbine to look up IPs, hosts, and URLs and to query threats.

## Prerequisites

The Infoblox BloxOne Threat Defense asset requires a URL and an API key to interact with the API.

## Capabilities

This connector provides the following capabilities:

- Create Dossier Lookup Jobs
- Lookup Host
- Lookup IP
- Lookup URL
- Lookup Hash
- Lookup Email
- Get Threat Intelligence Data Exchange Query Threats

### Create Dossier Lookup Jobs

There are three available formats for the request body. Only one of them should be used at a time.

The "one" request body searches a single indicator against multiple sources:

```json
"one": {
  "type": "host",
  "target": "test.net",
  "sources": ["atp", "rwhois"]
}
```

The "group" request body searches multiple indicators of the same target type against multiple sources:

```json
"group": {
  "type": "host",
  "target": ["test.net", "ohjeez.net", "notagain.gg"],
  "sources": ["atp", "rwhois"]
}
```

The "list" request body searches multiple indicators of different target types against multiple sources:

```json
"list": [
  { "type": "host", "target": "nick.com", "sources": ["atp"] },
  { "type": "ip", "target": "1.2.3.4", "sources": ["geo"] }
]
```

## Notes

For more information on Infoblox BloxOne Threat Defense:

- https://csp.infoblox.com/apidoc/?url=https%3a%2f%2fcsp.infoblox.com%2fapidoc%2fdocs%2ftidedossier#/start lookup/postintellookupjobs
- https://csp.infoblox.com/apidoc/?url=https%3a%2f%2fcsp.infoblox.com%2fapidoc%2fdocs%2ftidedata#/threat data apis/getactivethreatsbytype1

## Configurations

### API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| key | API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Create Dossier Lookup Jobs

Create Dossier lookup job(s) by one or more indicators.

Endpoint URL: /tide/api/services/intel/lookup/jobs

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.wait | string | Required | Parameters for the Create Dossier Lookup Jobs action |
| target | object | Optional | Parameter for Create Dossier Lookup Jobs |
| target.one | object | Optional | The "one" request body searches a single indicator against multiple sources |
| target.one.type | string | Optional | Type of the resource |
| target.one.target | string | Optional | Parameter for Create Dossier Lookup Jobs |
| target.one.sources | array | Optional | Parameter for Create Dossier Lookup Jobs |
| target.group | object | Optional | The "group" request body searches multiple indicators of the same target type against multiple sources |
| target.group.type | string | Optional | Type of the resource |
| target.group.target | array | Optional | Parameter for Create Dossier Lookup Jobs |
| target.group.sources | array | Optional | Parameter for Create Dossier Lookup Jobs |
| target.list | array | Optional | The "list" request body searches multiple indicators of different target types against multiple sources |
| target.list.type | string | Optional | Type of the resource |
| target.list.target | string | Optional | Parameter for Create Dossier Lookup Jobs |
| target.list.sources | array | Optional | Parameter for Create Dossier Lookup Jobs |

Input example:

```json
{
  "parameters": { "wait": "true" },
  "json_body": {
    "target": {
      "one": { "type": "host", "target": "test.net", "sources": ["atp", "rwhois"] },
      "group": { "type": "host", "target": ["test.net", "ohjeez.net", "notagain.gg"], "sources": ["atp", "rwhois"] },
      "list": [
        { "type": "host", "target": "nick.com", "sources": ["atp"] },
        { "type": "ip", "target": "1.2.3.4", "sources": ["geo"] }
      ]
    }
  }
}
```

#### Output

| Output parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| job_id | string | Unique identifier |
| job | object | Output field job |
| job.id | string | Unique identifier |
| job.state | string | Output field job.state |
| job.status | string | Status value |
| job.create_ts | number | Output field job.create_ts |
| job.create_time | string | Time value |
| job.start_ts | number | Output field job.start_ts |
| job.start_time | string | Time value |
| job.request_ttl | number | Output field job.request_ttl |
| job.result_ttl | number | Result of the operation |
| job.pending_tasks | array | Output field job.pending_tasks |
| job.org | string | Output field job.org |
| job.user | string | Output field job.user |
| job.authorization | string | Output field job.authorization |
| job.tasks_tbc | number | Output field job.tasks_tbc |
| tasks | object | Output field tasks |
| tasks.4fe447a9-351b-4034-b450-6ddf7b248c17 | object | Output field tasks.4fe447a9-351b-4034-b450-6ddf7b248c17 |
| tasks.4fe447a9-351b-4034-b450-6ddf7b248c17.id | string | Unique identifier |
| tasks.4fe447a9-351b-4034-b450-6ddf7b248c17.state | string | Output field tasks.4fe447a9-351b-4034-b450-6ddf7b248c17.state |
| tasks.4fe447a9-351b-4034-b450-6ddf7b248c17.status | string | Status value |
| tasks.4fe447a9-351b-4034-b450-6ddf7b248c17.create_ts | number | Output field tasks.4fe447a9-351b-4034-b450-6ddf7b248c17.create_ts |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {
    "Content-Length": "140",
    "Content-Type": "application/json",
    "Date": "Wed, 23 Aug 2023 20:37:23 GMT"
  },
  "reason": "OK",
  "json_body": {
    "status": "pending",
    "job_id": "4644a58d-8002-4af3-b9bd-f9c99daca819",
    "job": {
      "id": "4644a58d-8002-4af3-b9bd-f9c99daca819",
      "state": "created",
      "status": "pending",
      "create_ts": 1622177396366,
      "create_time": "2021-05-28T04:49:56.366223569Z",
      "start_ts": 1622177396366,
      "start_time": "2021-05-28T04:49:56.366223569Z",
      "request_ttl": 0,
      "result_ttl": 3600,
      "pen
```

### Get TIDE Query Threats

Get active threats by type and, optionally, indicator.

Endpoint URL: /tide/api/data/threats/state

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.type | string | Required | Parameters for the Get TIDE Query Threats action |
| parameters.chosentype | string | Optional | Parameters for the Get TIDE Query Threats action |
| parameters.rlimit | number | Optional | Parameters for the Get TIDE Query Threats action |
| parameters.distinct | string | Optional | Parameters for the Get TIDE Query Threats action |

Input example:

```json
{
  "parameters": {
    "type": "host",
    "chosentype": "eicar.co",
    "rlimit": 2,
    "distinct": "property"
  }
}
```

#### Output

| Output parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| threat | array | Output field threat |
| threat.id | string | Unique identifier |
| threat.type | string | Type of the resource |
| threat.host | string | Output field threat.host |
| threat.domain | string | Output field threat.domain |
| threat.tld | string | Output field threat.tld |
| threat.profile | string | Output field threat.profile |
| threat.origin | string | Output field threat.origin |
| threat.property | string | Output field threat.property |
| threat.class | string | Output field threat.class |
| threat.threat_level | number | Output field threat.threat_level |
| threat.detected | string | Output field threat.detected |
| threat.received | string | Output field threat.received |
| threat.imported | string | Output field threat.imported |
| threat.dga | boolean | Output field threat.dga |
| threat.up | boolean | Output field threat.up |
| threat.bric_score | number | Score value |
| threat.batch_id | string | Unique identifier |
| threat.target | string | Output field threat.target |
| threat.threat_score | number | Score value |
| record_count | number | Count value |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {
    "Content-Length": "140",
    "Content-Type": "application/json",
    "Date": "Wed, 23 Aug 2023 20:37:23 GMT"
  },
  "reason": "OK",
  "json_body": {
    "threat": [{}],
    "record_count": 10969
  }
}
```

#### Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Wed, 23 Aug 2023 20:37:23 GMT |
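
The rule that only one of the "one", "group" and "list" request bodies is used at a time can be enforced before a lookup job is submitted. The following is an added example, not code from the connector or from Infoblox: `build_dossier_body`, `_validate_entry` and `INDICATOR_TYPES` are hypothetical names, and the "url", "hash" and "email" type strings are assumed from the connector's lookup capabilities.

```python
import ipaddress

# "host" and "ip" appear in the page's examples; "url", "hash" and "email" are
# assumed type strings taken from the connector's lookup capabilities.
INDICATOR_TYPES = {"host", "ip", "url", "hash", "email"}
FORMATS = ("one", "group", "list")


def _validate_entry(entry, target_is_list):
    """Validate one {"type", "target", "sources"} object before it is sent."""
    if not isinstance(entry, dict):
        raise ValueError("each lookup entry must be an object")
    if entry.get("type") not in INDICATOR_TYPES:
        raise ValueError(f"unknown indicator type: {entry.get('type')!r}")
    targets = entry.get("target")
    if isinstance(targets, list) != target_is_list:
        raise ValueError("'group' takes an array of targets, other formats a string")
    targets = targets if target_is_list else [targets]
    if not targets or not all(isinstance(t, str) and t.strip() for t in targets):
        raise ValueError("every target must be a non-empty string")
    if entry["type"] == "ip":
        for t in targets:
            ipaddress.ip_address(t)  # raises ValueError on a malformed address
    sources = entry.get("sources", [])
    if not isinstance(sources, list) or not all(isinstance(s, str) for s in sources):
        raise ValueError("'sources' must be an array of strings")


def build_dossier_body(target):
    """Return the json_body for a lookup job, enforcing exactly one format."""
    if not isinstance(target, dict) or len(target) != 1 or next(iter(target)) not in FORMATS:
        raise ValueError("use exactly one of 'one', 'group' or 'list'")
    fmt, value = next(iter(target.items()))
    if fmt == "list":
        if not isinstance(value, list) or not value:
            raise ValueError("'list' must be a non-empty array")
        for entry in value:
            _validate_entry(entry, target_is_list=False)
    else:
        _validate_entry(value, target_is_list=(fmt == "group"))
    return {"target": {fmt: value}}
```

A body that carries all three keys side by side, as the schema-style input example on this page does, is rejected by this check; a real request carries only one of them.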