Infoblox::DNS::FireEyeRuleMapping - FireEye Rule Mapping object
The rule map object is used to configure rule mapping for FireEye devices and Response Policy Zones.
my $rulemapping = Infoblox::DNS::FireEye::Rulemapping->new( fireeye_alert_mapping => [$am1, am2, ...], #Optional apt_override => "PASSTHRU" | "NXDOMAIN" | "NODATA" | "SUBSTITUTE" | "NOOVERRIDE", #Optional substituted_domain_name => $fqdn, #Optional );
The following functions are available to apply to a FireEye Alert Map object.
Use this function to specify the alert map for this rule mapping. See Infoblox::DNS::Zone->fireeye_rule_mapping() for parameters and return values.
my $am1 = Infoblox::DNS::FireEye::AlertMap->new( alert_type => 'INFECTION_MATCH', rpz_rule => 'PASSTHRU', lifetime => 0, );
unless($am1) { die("Construct member failed: ", Infoblox::status_code() . ":" . Infoblox::status_detail()); }
my $am2 = Infoblox::DNS::FireEye::AlertMap->new( alert_type => 'WEB_INFECTION', rpz_rule => 'NONE', lifetime => 1234, );
unless($am2) { die("Construct member failed: ", Infoblox::status_code() . ":" . Infoblox::status_detail()); }
my $rm = Infoblox::DNS::FireEye::RuleMapping->new( fireeye_alert_mapping => [$am1, $am2], apt_override => 'SUBSTITUTE', substituted_domain_name => 'somedomain.com' ); $rpz_zone->rpz_type('FIREEYE'); $rpz_zone->fireeye_rule_mapping($rm);
my $response = $session->modify($rpz_zone) unless($response) { die("Modify zone failed: ", session->status_code() . ":" . session->status_detail()); } print "Zone modified successfully\n";
Use this method to set or retrieve the APT override.
The valid value is one of "PASSTHRU", "NXDOMAIN", "NODATA", "SUBSTITUTE" or "NOOVERRIDE".
If you specified a parameter, the method returns true when the modification succeeds, and returns false when the operation fails.
If you did not specify a parameter, the method returns the attribute value.
#Get apt_override my $apt_override = $rm->apt_override(); #Modify apt_override $rm->apt_override("NOOVERRIDE");
Use this method to set or retrieve the FireEye alert mapping.
Include the specified parameter to set the attribute value. Omit the parameter to retrieve the attribute value.
An array of the Infoblox::DNS::FireEye::AlertMap manpage objects.
#Get fireeye_alert_mapping my $fireeye_alert_mapping = $zone->fireeye_alert_mapping(); #Modify fireeye_alert_mapping $rm->fireeye_alert_mapping([$am1, $am2]);
Use this method to set or retrieve the domain name to be substituted, this is applicable only when apt_override is set to "SUBSTITUTE".
Include the specified parameter to set the attribute value. Omit the parameter to retrieve the attribute value.
The domain name to use.
If you specified a parameter, the method returns true when the modification succeeds, and returns false when the operation fails.
If you did not specify a parameter, the method returns the attribute value.
#Get substituted_domain_name my $substituted_domain_name = $rm->substituted_domain_name(); #Modify substituted_domain_name $rm->substituted_domain_name("somedomain.com");
Infoblox Inc. http://www.infoblox.com/
Infoblox::DNS::Zone, Infoblox::DNS::Zone
Copyright (c) 2017 Infoblox Inc.