b1td Class

class bloxone.b1td(cfg_file='config.ini', api_key='', url='https://csp.infoblox.com', api_version='v1')

BloxOne ThreatDefence API Wrapper. Covers TIDE and Dossier.

default_ttl()
dossier_sources()

Get Sources for Dossier

Returns

Requests response object

Return type

response object

dossier_target_sources(type='host')

Get supported target types for Dossier

Parameters

type (str) – target type

Returns

Requests response object

Return type

response object

dossier_target_types()

Get supported target types for Dossier

Returns

Requests response object

Return type

response object

dossierquery(query, type='host', sources='all', wait=True)

Simple Dossier Query

Parameters
  • query (str or list) – single query or list of same type

  • type (str) – “host”, “ip” or “url”

  • sources (str) – set of sources or “all”

Returns

Requests response object

Return type

response object

expand_mitre_vector(mitre)

Expand MITRE Vector details

Parameters

mitre (str) – MITRE Vector

Returns

Requests response object

Return type

response object

get(objpath, **params)

Generic get object wrapper for TIDE data objects

Parameters
  • objpath (str) – Swagger object path

  • action (str) – Optional object action

Returns

Requests response object

Return type

response object

get_countries()

Get Countries and Country Code Data

Parameters

None

Returns

Requests response object

Return type

response object

get_country_ips(country='', **params)

Get IPs for specified countries or complete dataset

Parameters

country – Country or Country Code to retrieve

Returns

Requests response object

Return type

response object

Raises

CountryISOCodeNotFound

get_country_isocode(country='')

Get ISO Code for specified country

Parameters

country (str) – Name of Country

Returns

ISO Code of Country or None if no match

Return type

isocode (str)

historical_threat_counts()

Query Infoblox TIDE for historical threat counts

Returns

Requests response object

Return type

response object

post(objpath, body='')

Generic create object wrapper for DDI objects

Parameters
  • objpath (str) – Swagger object path

  • body (str) – JSON formatted data payload

Returns

Requests response object

Return type

response object

querytide(datatype, query, **params)

Query Infoblox TIDE for all available threat data related to query.

Parameters
  • datatype (str) – “host”, “ip” or “url”

  • query (str) – query data

Returns

Requests response object

Return type

response object

querytideactive(datatype, query, **params)

Query Infoblox TIDE for “active” threat data i.e. threat data that has not expired at time of call

Parameters
  • datatype (str) – “host”, “ip” or “url”

  • query (str) – query data

Returns

Requests response object

Return type

response object

querytidestate(datatype, query, **params)

Query Infoblox TIDE State Tables for specific query

Parameters
  • datatype (str) – “host”, “ip” or “url”

  • query (str) – query data

Returns

Requests response object

Return type

response object

threat_actor(name)

Get Threat Actor details

Parameters

name (str) – Name of Threat Actor

Returns

Requests response object

Return type

response object

threat_classes(**params)

Get list of threat classes

Parameters:

Returns

Requests response object

Return type

response object

threat_counts()

Query Infoblox TIDE for active threat counts

Returns

Requests response object

Return type

response object

threat_properties(threatclass='', **params)

Get list of threat properties

Parameters

threatclass (str) – Threat Class

Returns

Requests response object

Return type

response object

tideactivefeed(datatype, profile='', threatclass='', threatproperty='', **params)

Bulk “active” threat intel download from Infoblox TIDE state tables for specified datatype.

Parameters
  • datatype (str) – “host”, “ip” or “url”

  • profile (str, optional) – Data provider

  • threatclass (str, optional) – TIDE data class

  • threatproperty (str, optional) – TIDE data property

Returns

Requests response object

Return type

response object

tidedatafeed(datatype, profile='', threatclass='', threatproperty='', **params)

Bulk threat intel download from Infoblox TIDE for specified datatype. Please use wisely.

Parameters
  • datatype (str) – “host”, “ip” or “url”

  • profile (str, optional) – Data provider

  • threatclass (str, optional) – TIDE data class

  • threatproperty (str, optional) – TIDE data property

Returns

Requests response object

Return type

response object
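
Added example (not part of the bloxone package or its documentation): querytide, querytideactive and querytidestate each take a datatype of "host", "ip" or "url", so indicators copied from threat reports need refanging and classifying before lookup. The helper names refang, tide_datatype and lookup_active are hypothetical, the two-label hostname rule is an assumption, and client is assumed to be a bloxone.b1td instance.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphen or underscore, no leading/trailing hyphen.
LABEL = re.compile(r"[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?")


def refang(indicator):
    """Undo common defanging (hxxp, [.], [:]) seen in threat reports."""
    value = indicator.strip().replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


def tide_datatype(indicator):
    """Return "ip", "url" or "host" for a refanged indicator, else raise ValueError."""
    if not indicator or any(ch.isspace() for ch in indicator):
        raise ValueError("empty or contains whitespace")
    try:
        ipaddress.ip_address(indicator)
        return "ip"
    except ValueError:
        pass
    if "://" in indicator:
        parts = urlsplit(indicator)
        if parts.scheme.lower() in ("http", "https") and parts.hostname:
            return "url"
        raise ValueError("unsupported URL form")
    labels = indicator.rstrip(".").split(".")
    # Assumption: at least two labels and a non-numeric last label, so bare
    # words and malformed IPv4 strings such as 999.1.1.1 are not sent as hosts.
    if (len(labels) >= 2 and not labels[-1].isdigit()
            and all(LABEL.fullmatch(label) for label in labels)):
        return "host"
    raise ValueError("not an IP address, URL or hostname")


def lookup_active(client, indicators):
    """Map each indicator to (datatype, HTTP status) or ("skipped", reason)."""
    results = {}
    for raw in indicators:
        value = refang(raw)
        try:
            datatype = tide_datatype(value)
        except ValueError as err:
            results[raw] = ("skipped", str(err))
            continue
        # querytideactive(datatype, query) as documented in this reference.
        response = client.querytideactive(datatype, value)
        results[raw] = (datatype, response.status_code)
    return results
```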