Data Threat API calls are used to search for threat indicators. Submitted threat indicators are also available for the search. The resulting dataset can be formatted in JSON, XML, STIX, CSV, TSV, PSV, and CEF.

The threat indicators can be used by 3rd party solutions, e.g. with Palo Alto NGFW (please check the Infoblox TIDE feeds into Palo Alto Networks Firewalls deployment guide (PDF) for more information on post-processing).

It is highly recommended to limit the amount of data retrieved by applying filters. The table below contains sample requests using the CURL command.

CURL Command Requests

| Request | Description |
| --- | --- |
| `curl "https://csp.infoblox.com/api/data/threats/host?profile=IID&dga=false&from_date=2017-06-04T00:00:00Z&data_format=csv&rlimit=100" -u [YOUR_API_KEY]:` | 1000 threat indicators in CSV format which were added after 2017-06-04 GMT (Date/Time is in ISO 8601 format) by Infoblox and are not DGA |
| `curl "https://csp.infoblox.com/api/data/threats/state/host?Profile=IID&data_format=json" -u [YOUR_API_KEY]:` | All currently active hostname threats detected by Infoblox |
| `curl "https://csp.infoblox.com/api/data/threats?type=host&profile=IID&period=30min&data_format=json" -u [YOUR_API_KEY]:` | Infoblox-sourced hostnames for the past 30 minutes |
| `curl "https://csp.infoblox.com/api/data/threats?profile=AIS-FEDGOV,iSIGHTPARTNERS&period=1w&data_format=csv" -u [YOUR_API_KEY]:` | iSight Partners and DHS AIS IPs for the past week, in CSV format |
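One way to script the filtered requests above, as an added example that is not Infoblox code: it validates each filter before building the URL and hands the API key to curl on stdin instead of with `-u` on the command line. The names `tide_url`, `tide_fetch` and `TIDE_API_KEY`, the allowed-character check, and the rule that a query must carry `period`, `from_date` or `rlimit` are assumptions of this example, not API requirements.

```shell
# Added example (not Infoblox code). Base URL is the one used in the requests above.
TIDE_BASE="https://csp.infoblox.com/api/data/threats"

# tide_url PATH KEY=VALUE...  prints a validated request URL, or fails.
# PATH is the part after /threats: "", "/host" or "/state/host".
# Requiring period, from_date or rlimit is this example's own policy.
tide_url() (
  path=$1; shift; query=""; bounded=0
  case $path in *[!a-z/]*) echo "bad path: $path" >&2; return 1 ;; esac
  for kv in "$@"; do
    case $kv in *=*) ;; *) echo "not KEY=VALUE: $kv" >&2; return 1 ;; esac
    key=${kv%%=*}; val=${kv#*=}
    # Reject spaces, quotes, '&' and anything else that could split the query.
    case $key in ''|*[!A-Za-z_]*) echo "bad key: $key" >&2; return 1 ;; esac
    case $val in ''|*[!A-Za-z0-9:,._-]*) echo "bad value for $key" >&2; return 1 ;; esac
    case $key in
      data_format)  # formats listed on this page, lowercase as in the samples
        case $val in json|xml|stix|csv|tsv|psv|cef) ;;
          *) echo "unsupported data_format: $val" >&2; return 1 ;; esac ;;
      from_date)    # ISO 8601 UTC, e.g. 2017-06-04T00:00:00Z
        case $val in
          [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z) bounded=1 ;;
          *) echo "from_date is not ISO 8601 UTC" >&2; return 1 ;; esac ;;
      rlimit)
        case $val in *[!0-9]*|0*) echo "rlimit must be a positive integer" >&2; return 1 ;; esac
        bounded=1 ;;
      period) bounded=1 ;;
    esac
    query="${query:+$query&}$key=$val"
  done
  [ "$bounded" -eq 1 ] || { echo "refusing query with no time or size bound" >&2; return 1; }
  printf '%s%s?%s\n' "$TIDE_BASE" "$path" "$query"
)

# tide_fetch PATH KEY=VALUE...  sends the request with HTTP basic auth.
# The key comes from TIDE_API_KEY (hypothetical variable name) and reaches curl
# through a config line on stdin, so it is not visible in the process list.
tide_fetch() (
  url=$(tide_url "$@") || return 1
  [ -n "${TIDE_API_KEY:-}" ] || { echo "TIDE_API_KEY is not set" >&2; return 1; }
  printf 'user = "%s:"\n' "$TIDE_API_KEY" |
    curl --silent --show-error --fail --config - "$url"
)
```

For example, `tide_fetch /host profile=IID dga=false data_format=csv rlimit=100 > iid_hosts.csv` issues the first request in the table.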