Document toolboxDocument toolbox

RPZ Feeds API

Owned by Gary Leicht
Jun 21, 2023
2 min read

RPZ Feeds

The RPZ Feeds worker returns matching host or IP records in Infoblox generated RPZ feeds which consist of active threat records matching certain classes, properties, or other characteristics.


Data Structure:

{
     "records": [
     {
     "class": string, 
     "detected": string, 
     "expiration": string, 
     "feed_name": string, 
     "indicator": string, 
     "property": string, 
     "threat_level": integer
     },...
     ]
}


Example:

Given an indicator of "eicar.co", RPZ Feeds will return the following:


{
     "records": [
          {
                   "class": "MaliciousNameserver", 
                   "detected": "2016-11-09T22:55:27Z", 
                   "expiration": "2038-01-19T22:55:27Z",
                   "feed_name": "base", 
                   "indicator": eicor.co, 
                   "property": "MaliciousNameserver_Generic",  
                   "threat_level": 100
      }
      ]
}

Back