Infoblox Platform

Provides a list of reported threats associated with the indicator from the Infoblox Portal.

Data Structure:

  {
    “dropped_count”: integer, 
    “max_request_count”: integer,
    “record_count”: integer, 
    “threat”: [
       {
         “batch_id”: string, 
         “class”: string, 
         “detected”: string, 
         “domain”: string, 
         “host”: string,
         “id”: string, 
         “imported”: string, 
         “ip”: string, 
         “origin”: string, 
         “profile”: string, 
         “property”: string, 
         “received”: string, 
         “target”: string,
         “threat_level”: integer,                                   
         “tld”: string,
         “tlp”: string, 
         “type”: string, 
         “up”: string,
         “url”: string,
         “extended”: { 
           “url_hash”: string
         }
         },

…

Example:

When given an indicator of “moiparks.in”, ATP will return:

    "dropped_count": 0,
    "max_requested_count": "50",
    "record_count": 6, 
    "threat": [
      {
        "batch_id": "c60fb776-a5f8-11e6-898a-95226fae6af8", 
        "class": "Policy",
        "detected": "2016-11-03T22:17:26.000Z",
        "dga": "false",
        "domain": "moiparks.in",
        "expiration": "2016-12-03T22:17:26.000Z",
        "host": "moiparks.in",
        "id": "c6129e0b-a5f8-11e6-898a-95226fae6af8", 
        "imported": "2016-11-08T21:17:37.479Z",
        "ip": "",
        "origin": "",
        "profile": "AIS-FEDGOV",
        "property": "Policy_NCCICwatchlist", 
        "received": "2016-11-08T21:17:37.479Z",
        "target": "", 
        "threat_level": 100, "tld": "in",
        "tlp": "",
        "type": "HOST",
        "up": "true",
        "url": ""
        }, 
      …
    ]
  }

Back

BloxOne Threat Defense

Infoblox Platform

Analytics

Related content