# Infoblox BloxOne Threat Defense
Infoblox BloxOne Threat Defense integrates with Swimlane Turbine to look up IPs, hosts, and URLs and to query threats.

## Prerequisites

The Infoblox BloxOne Threat Defense asset requires a URL and an API key to interact with the API.

## Capabilities

This connector provides the following capabilities:

- Create Dossier Lookup Jobs
- Lookup Host
- Lookup IP
- Lookup URL
- Lookup Hash
- Lookup Email
- Get Threat Intelligence Data Exchange Query Threats

### Create Dossier Lookup Jobs

There are three available formats for the request body. Only one of them should be used at a time.

The “one” request body searches a single indicator against multiple sources:

```json
"one": {
  "type": "host",
  "target": "test.net",
  "sources": ["atp", "rwhois"]
}
```

The “group” request body searches multiple indicators of the same target type against multiple sources:

```json
"group": {
  "type": "host",
  "target": ["test.net", "ohjeez.net", "notagain.gg"],
  "sources": ["atp", "rwhois"]
}
```

The “list” request body searches multiple indicators of different target types against multiple sources:

```json
"list": [
  {
    "type": "host",
    "target": "nick.com",
    "sources": ["atp"]
  },
  {
    "type": "ip",
    "target": "1.2.3.4",
    "sources": ["geo"]
  }
]
```

## Configurations

### API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| key | API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Create Dossier Lookup Jobs

Create Dossier lookup job(s) by one or more indicator.

Endpoint URL: `/tide/api/services/intel/lookup/jobs`

Method: POST

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| wait | string | Required | Parameter for Create Dossier Lookup Jobs |
| target | object | Optional | Parameter for Create Dossier Lookup Jobs |
| one | object | Optional | The “one” request body searches a single indicator against multiple sources |
| type | string | Optional | Type of the resource |
| target | string | Optional | Parameter for Create Dossier Lookup Jobs |
| sources | array | Optional | Parameter for Create Dossier Lookup Jobs |
| group | object | Optional | The “group” request body searches multiple indicators of the same target type against multiple sources |
| type | string | Optional | Type of the resource |
| target | array | Optional | Parameter for Create Dossier Lookup Jobs |
| sources | array | Optional | Parameter for Create Dossier Lookup Jobs |
| list | array | Optional | The “list” request body searches multiple indicators of different target types against multiple sources |
| type | string | Optional | Type of the resource |
| target | string | Optional | Parameter for Create Dossier Lookup Jobs |
| sources | array | Optional | Parameter for Create Dossier Lookup Jobs |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| job_id | string | Unique identifier |
| job | object | Output field job |
| job_id | string | Unique identifier |
| state | string | Output field state |
| status | string | Status value |
| create_ts | number | Output field create_ts |
| create_time | string | Time value |
| start_ts | number | Output field start_ts |
| start_time | string | Time value |
| request_ttl | number | Output field request_ttl |
| result_ttl | number | Result of the operation |
| pending_tasks | array | Output field pending_tasks |
| org | string | Output field org |
| user | string | Output field user |
| authorization | string | Output field authorization |
| tasks_tbc | number | Output field tasks_tbc |
| tasks | object | Output field tasks |
| 4fe447a9-351b-4034-b450-6ddf7b248c17 | object | Output field 4fe447a9-351b-4034-b450-6ddf7b248c17 |
| id | string | Unique identifier |
| state | string | Output field state |
| status | string | Status value |
| create_ts | number | Output field create_ts |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Wed, 23 Aug 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "status": "pending",
      "job_id": "4644a58d-8002-4af3-b9bd-f9c99daca819",
      "job": {},
      "tasks": {}
    }
  }
]
```

### Get TIDE Query Threats

Get active threats by type and optionally indicator.

Endpoint URL: `/tide/api/data/threats/state`

Method: GET

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| type | string | Required | Type of the resource |
| chosentype | string | Optional | Type of the resource |
| rlimit | number | Optional | Parameter for Get TIDE Query Threats |
| distinct | string | Optional | Parameter for Get TIDE Query Threats |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| threat | array | Output field threat |
| id | string | Unique identifier |
| type | string | Type of the resource |
| host | string | Output field host |
| domain | string | Output field domain |
| tld | string | Output field tld |
| profile | string | Output field profile |
| origin | string | Output field origin |
| property | string | Output field property |
| class | string | Output field class |
| threat_level | number | Output field threat_level |
| detected | string | Output field detected |
| received | string | Output field received |
| imported | string | Output field imported |
| dga | boolean | Output field dga |
| up | boolean | Output field up |
| bric_score | number | Score value |
| batch_id | string | Unique identifier |
| target | string | Output field target |
| threat_score | number | Score value |
| record_count | number | Count value |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Wed, 23 Aug 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "threat": [],
      "record_count": 10969
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Wed, 23 Aug 2023 20:37:23 GMT |

## Notes

For more information on Infoblox BloxOne Threat Defense:

- Dossier API documentation: https://csp.infoblox.com/apidoc/?url=https%3a%2f%2fcsp.infoblox.com%2fapidoc%2fdocs%2ftidedossier#/start lookup/postintellookupjobs
- TIDE Data Service API documentation: https://csp.infoblox.com/apidoc/?url=https%3a%2f%2fcsp.infoblox.com%2fapidoc%2fdocs%2ftidedata#/threat data apis/getactivethreatsbytype1
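
The rule under Create Dossier Lookup Jobs that only one of the “one”, “group” and “list” request body formats is used at a time can be enforced before a lookup is submitted. The following is an added example, not code from the connector or from Infoblox: it picks the format for a batch of indicators and rejects mixed or malformed bodies. The function names and the input shape (a list of dicts with `type`, `target` and `sources`) are assumptions, and how the resulting fragment is passed to the action is not covered.

```python
FORMATS = ("one", "group", "list")

def _entry(ind, target=None):
    # Copy only the three fields the page shows for every format.
    return {"type": ind["type"],
            "target": ind["target"] if target is None else target,
            "sources": list(ind["sources"])}

def build_lookup_body(indicators):
    """Choose "one", "group" or "list" for a list of
    {"type", "target", "sources"} dicts (hypothetical input shape)."""
    if not indicators:
        raise ValueError("at least one indicator is required")
    for ind in indicators:
        if not (ind.get("type") and ind.get("target") and ind.get("sources")):
            raise ValueError(f"incomplete indicator: {ind!r}")
    first = indicators[0]
    if len(indicators) == 1:
        return {"one": _entry(first)}
    uniform = all(i["type"] == first["type"]
                  and sorted(i["sources"]) == sorted(first["sources"])
                  for i in indicators)
    if uniform:  # same type and sources: one entry with a list of targets
        return {"group": _entry(first, [i["target"] for i in indicators])}
    return {"list": [_entry(i) for i in indicators]}

def check_single_format(body):
    """Return the format in use; reject mixed or malformed bodies."""
    used = [k for k in FORMATS if k in body]
    if len(used) != 1:
        raise ValueError(f"use exactly one of {FORMATS}, got {used}")
    fmt, value = used[0], body[used[0]]
    target = value.get("target") if isinstance(value, dict) else None
    ok = {"one": isinstance(target, str),
          "group": isinstance(target, list),
          "list": isinstance(value, list)}[fmt]
    if not ok:
        raise ValueError(f'malformed "{fmt}" body')
    return fmt

# Constructed sample input, reusing the indicator values shown on this page.
SAMPLE = [
    {"type": "host", "target": "nick.com", "sources": ["atp"]},
    {"type": "ip", "target": "1.2.3.4", "sources": ["geo"]},
]

if __name__ == "__main__":
    body = build_lookup_body(SAMPLE)
    print(check_single_format(body), body)
```
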