b1td Class
- class bloxone.b1td(cfg_file='config.ini', api_key='', url='https://csp.infoblox.com', api_version='v1')
BloxOne Threat Defense API wrapper. Covers TIDE and Dossier.
- dossier_sources()
Get Sources for Dossier
- Returns
Requests response object
- Return type
response object
- dossier_target_sources(type='host')
Get supported target types for Dossier
- Parameters
type (str) – target type
- Returns
Requests response object
- Return type
response object
- dossier_target_types()
Get supported target types for Dossier
- Returns
Requests response object
- Return type
response object
- dossierquery(query, type='host', sources='all', wait=True)
Simple Dossier Query
- Parameters
query (str or list) – single query or list of same type
type (str) – “host”, “ip” or “url”
sources (str) – set of sources or “all”
- Returns
Requests response object
- Return type
response object
- expand_mitre_vector(mitre)
Expand MITRE Vector details
- Parameters
mitre (str) – MITRE Vector
- Returns
Requests response object
- Return type
response object
- get(objpath, **params)
Generic get object wrapper for TIDE data objects
- Parameters
objpath (str) – Swagger object path
action (str) – Optional object action
- Returns
Requests response object
- Return type
response object
- get_countries()
Get Countries and Country Code Data
- Parameters
None
- Returns
Requests response object
- Return type
response object
- get_country_ips(country='', **params)
Get IPs for specified countries or complete dataset
- Parameters
country – Country or Country Code to retrieve
- Returns
Requests response object
- Return type
response object
- Raises
CountryISOCodeNotFound
- get_country_isocode(country='')
Get ISO Code for specified country
- Parameters
country (str) – Name of Country
- Returns
ISO Code of Country or None if no match
- Return type
isocode (str)
- historical_threat_counts()
Query Infoblox TIDE for historical threat counts
- Returns
Requests response object
- Return type
response object
- post(objpath, body='')
Generic create object wrapper for ddi objects
- Parameters
objpath (str) – Swagger object path
body (str) – JSON formatted data payload
- Returns
Requests response object
- Return type
response object
- querytide(datatype, query, **params)
Query Infoblox TIDE for all available threat data related to query.
- Parameters
datatype (str) – “host”, “ip” or “url”
query (str) – query data
- Returns
Requests response object
- Return type
response object
- querytideactive(datatype, query, **params)
Query Infoblox TIDE for “active” threat data, i.e. threat data that has not expired at the time of the call
- Parameters
datatype (str) – “host”, “ip” or “url”
query (str) – query data
- Returns
Requests response object
- Return type
response object
- querytidestate(datatype, query, **params)
Query Infoblox TIDE State Tables for specific query
- Parameters
datatype (str) – “host”, “ip” or “url”
query (str) – query data
- Returns
Requests response object
- Return type
response object
- threat_actor(name)
Get Threat Actor details
- Parameters
name (str) – Name of Threat Actor
- Returns
Requests response object
- Return type
response object
- threat_classes(**params)
Get list of threat classes
- Returns
Requests response object
- Return type
response object
- threat_counts()
Query Infoblox TIDE for active threat counts
- Returns
Requests response object
- Return type
response object
- threat_properties(threatclass='', **params)
Get list of threat properties
- Parameters
threatclass (str) – Threat Class
- Returns
Requests response object
- Return type
response object
- tideactivefeed(datatype, profile='', threatclass='', threatproperty='', **params)
Bulk “active” threat intel download from Infoblox TIDE state tables for specified datatype.
- Parameters
datatype (str) – “host”, “ip” or “url”
profile (str, optional) – Data provider
threatclass (str, optional) – tide data class
threatproperty (str, optional) – tide data property
- Returns
Requests response object
- Return type
response object
- tidedatafeed(datatype, profile='', threatclass='', threatproperty='', **params)
Bulk threat intel download from Infoblox TIDE for specified datatype. Please use wisely.
- Parameters
datatype (str) – “host”, “ip” or “url”
profile (str, optional) – Data provider
threatclass (str, optional) – tide data class
threatproperty (str, optional) – tide data property
- Returns
Requests response object
- Return type
response object
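
The TIDE query methods above take a datatype of “host”, “ip” or “url”, so a caller has to classify each indicator before calling querytideactive. The following is an added example, not code from the bloxone project: tide_datatype, lookup_active and StubTD are hypothetical names, and StubTD is a constructed stand-in for bloxone.b1td so the block runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

def tide_datatype(indicator):
    """Map an indicator to the datatype string the b1td query methods expect."""
    value = indicator.strip()
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6 literals
        return "ip"
    except ValueError:
        pass
    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.netloc:
        return "url"
    # Treat as a hostname only if it has no whitespace, path, port or userinfo.
    if value and not any(c in value for c in " /:@?#"):
        return "host"
    raise ValueError(f"cannot classify indicator: {indicator!r}")

def lookup_active(client, indicators):
    """Query active TIDE data; return {indicator: (datatype, HTTP status)}."""
    results = {}
    for item in indicators:
        try:
            datatype = tide_datatype(item)
        except ValueError:
            results[item] = (None, None)  # unclassifiable: never sent to the API
            continue
        response = client.querytideactive(datatype, item.strip())
        results[item] = (datatype, response.status_code)
    return results

class StubTD:
    """Constructed stand-in for bloxone.b1td so the example runs offline."""
    def __init__(self):
        self.calls = []

    def querytideactive(self, datatype, query, **params):
        self.calls.append((datatype, query))
        return type("Response", (), {"status_code": 200})()

if __name__ == "__main__":
    # With real credentials: client = bloxone.b1td(cfg_file='config.ini')
    client = StubTD()
    # Constructed sample indicators (documentation address and domain).
    sample = ["192.0.2.10", "example.com", "https://example.com/a?b=1", "bad value"]
    for item, outcome in lookup_active(client, sample).items():
        print(item, outcome)
```

Check the returned status code before parsing a response body; the methods return the Requests response object as-is.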