TIDE threat indicators can be used by third-party solutions, for example Palo Alto NGFW, after simple post-processing (see the deployment guide Implementing Infoblox TIDE feeds into Palo Alto Networks Firewalls for details).

It is highly recommended to limit the amount of data retrieved by applying filters. The table below contains sample requests using the curl command.

CURL Command Requests

| Request | Description |
| --- | --- |
| `curl "https://csp.infoblox.com/api/data/threats/host?profile=IID&dga=false&from_date=2017-06-04T00:00:00Z&data_format=csv&rlimit=100" -u [YOUR_API_KEY]:` | 1000 threat indicators in CSV format which were added after 2017-06-04 GMT (Date/Time is in ISO 8601 format) by Infoblox and are not DGA. |
| `curl "https://csp.infoblox.com/api/data/threats/state/host?profile=IID&data_format=json" -u [YOUR_API_KEY]:` | All currently active hostname threats detected by Infoblox (IID). |
| `curl "https://csp.infoblox.com/api/data/threats?type=host&profile=IID&period=30min&data_format=json" -u [YOUR_API_KEY]:` | Infoblox-sourced hostnames for the past 30 minutes. |
| `curl "https://csp.infoblox.com/api/data/threats?profile=AIS-FEDGOV,iSIGHTPARTNERS&period=1w&data_format=csv" -u [YOUR_API_KEY]:` | iSight Partners and DHS AIS IPs for the past week, in CSV format. |
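One way to do the post-processing mentioned above, as an added example that is not Infoblox code: it turns a CSV response into a de-duplicated, one-hostname-per-line list and drops any entry that is not a syntactically valid hostname before it reaches a firewall. The column name `host` and the sample rows are assumptions constructed for illustration; check them against the header of your own export.

```python
import csv
import io
import re
import sys

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def is_hostname(value):
    """True for a syntactically valid name of <= 253 chars with >= 2 labels."""
    if not value or len(value) > 253:
        return False
    labels = value.split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)

def tide_csv_to_hostlist(csv_text, column="host"):
    """Return unique, validated, lower-cased hostnames in first-seen order.

    `column` is an assumption: the header name of the hostname field.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    if reader.fieldnames is None or column not in reader.fieldnames:
        raise ValueError(f"column {column!r} not found in CSV header")
    seen, hosts = set(), []
    for row in reader:
        # Normalise case and a trailing root dot so duplicates collapse.
        host = (row.get(column) or "").strip().rstrip(".").lower()
        if is_hostname(host) and host not in seen:
            seen.add(host)
            hosts.append(host)
    return hosts

# Constructed sample rows; a real export carries more columns.
SAMPLE = """\
host,class,detected
bad.example.com,Phishing,2017-06-05T10:00:00.000Z
BAD.example.com.,Phishing,2017-06-05T11:00:00.000Z
"mal ware.example",MalwareC2,2017-06-05T12:00:00.000Z
c2.example.net,MalwareC2,2017-06-05T12:30:00.000Z
,Phishing,2017-06-05T13:00:00.000Z
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], newline="") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    print("\n".join(tide_csv_to_hostlist(text)))
```

Pass the path of a saved `data_format=csv` response as the first argument; with no argument the script runs on the constructed sample.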