grid:threatinsight : Grid threat insight object.
To mitigate DNS data exfiltration, Infoblox DNS threat insight employs analytics algorithms that analyze incoming DNS queries and responses to detect DNS tunneling traffic.
The Grid threat insight object contains settings and information about update downloads, and the mitigation response policy zone to which queries for blocklisted domains are transferred.
Object Reference
References to grid:threatinsight are object references.
The name part of the Grid threat insight object reference has the following components:
- The name of the Grid
Example:
grid:threatinsight/ZG5zLm9wdGlvbl9kZWZpbml0aW9uJGluZm8uLmZhbHNlLjI1Mg:Infoblox
Restrictions
The object does not support the following operations:
- Create (insert)
- Delete
- CSV export
The object cannot be managed on Cloud Platform members.
Fields
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
The basic version of the object contains the field(s): enable_auto_download, enable_scheduled_download, module_update_policy, name.
allowlist_update_policy
allowlist update policy (manual or automatic)
Type
String.
Valid values are:
- AUTOMATIC
- MANUAL
Create
The default value is AUTOMATIC.
Search
The field is not available for search.
configure_domain_collapsing
Disable domain collapsing at grid level
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
current_allowlist
The Grid allowlist.
Type
String.
This field supports nested return fields as described here.
Search
The field is not available for search.
Notes
The current_allowlist cannot be updated.
current_allowlist cannot be written.
current_moduleset
The current threat insight module set.
Type
String.
This field supports nested return fields as described here.
Search
The field is not available for search.
Notes
The current_moduleset cannot be updated.
current_moduleset cannot be written.
dns_tunnel_block_list_rpz_zones
The list of response policy zones for DNS tunnelling requests.
Type
A/An zone_rp object array.
This field supports nested return fields as described here.
Create
The default value is empty.
Search
The field is not available for search.
domain_collapsing_level
Level of domain collapsing
Type
Unsigned integer.
Create
The default value is 2.
Search
The field is not available for search.
enable_allowlist_auto_download
Indicates whether auto download service is enabled
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
enable_allowlist_scheduled_download
Indicates whether the custom schedule settings for auto download are enabled. If false, the default frequency is once per 24 hours.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
enable_auto_download
Determines whether the automatic threat insight module set download is enabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Notes
The enable_auto_download is part of the base object.
enable_scheduled_download
Determines whether the scheduled download of the threat insight module set is enabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Notes
The enable_scheduled_download is part of the base object.
last_allowlist_update_time
The last update time for the threat insight allowlist.
Type
Timestamp.
Search
The field is not available for search.
Notes
The last_allowlist_update_time cannot be updated.
last_allowlist_update_time cannot be written.
last_allowlist_update_version
The version number of the last updated threat insight allowlist.
Type
String.
Search
The field is not available for search.
Notes
The last_allowlist_update_version cannot be updated.
last_allowlist_update_version cannot be written.
last_checked_for_allowlist_update
Timestamp of last checked allowlist
Type
Timestamp.
Search
The field is not available for search.
Notes
The last_checked_for_allowlist_update cannot be updated.
last_checked_for_allowlist_update cannot be written.
last_checked_for_package_update
The last update time for the threat analytics moduleset package.
Type
Timestamp.
Search
The field is not available for search.
Notes
The last_checked_for_package_update cannot be updated.
last_checked_for_package_update cannot be written.
last_checked_for_update
The last time when the threat insight module set was checked for the update.
Type
Timestamp.
Search
The field is not available for search.
Notes
The last_checked_for_update cannot be updated.
last_checked_for_update cannot be written.
last_module_update_time
The last update time for the threat insight module set.
Type
Timestamp.
Search
The field is not available for search.
Notes
The last_module_update_time cannot be updated.
last_module_update_time cannot be written.
last_module_update_version
The version number of the last updated threat insight module set.
Type
String.
Search
The field is not available for search.
Notes
The last_module_update_version cannot be updated.
last_module_update_version cannot be written.
last_updated_package_version
The version number of the last updated Moduleset package.
Type
String.
Search
The field is not available for search.
Notes
The last_updated_package_version cannot be updated.
last_updated_package_version cannot be written.
module_update_policy
The update policy for the threat insight module set.
Type
String.
Valid values are:
- AUTOMATIC
- MANUAL
Create
The default value is AUTOMATIC.
Search
The field is not available for search.
Notes
The module_update_policy is part of the base object.
name
The Grid name.
Type
String.
Search
The field is available for search via
‘=’ (exact equality)
Notes
The name is part of the base object.
The name cannot be updated.
name cannot be written.
scheduled_allowlist_download
Schedule setting for automatic allowlist update run
Type
A/An Schedule Setting struct.
Create
The default value is empty.
Search
The field is not available for search.
scheduled_download
The schedule settings for the threat insight module set download.
Type
A/An Schedule Setting struct.
Create
The default value is empty.
Search
The field is not available for search.
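The fields above can be turned into a configuration audit for the tunneling detection feature. The following is an added example, not Infoblox code: it builds the `_return_fields` request for the non-base fields and checks a returned object for settings that leave detection or mitigation stale. The base URL, the 30-day threshold and the treatment of Timestamp values as epoch seconds are assumptions, and the sample object is constructed.

```python
import time

# Fields named on this page; most are outside the basic object, so they
# have to be requested explicitly through _return_fields.
AUDIT_FIELDS = [
    "name", "enable_auto_download", "module_update_policy",
    "allowlist_update_policy", "enable_allowlist_auto_download",
    "dns_tunnel_block_list_rpz_zones", "last_module_update_time",
]

def audit_url(base_url):
    # base_url (Grid Master host plus WAPI version) is a placeholder.
    return f"{base_url}/grid:threatinsight?_return_fields={','.join(AUDIT_FIELDS)}"

def audit_threat_insight(obj, now=None, max_age_days=30):
    # Assumptions: Timestamp fields are epoch seconds; max_age_days is a
    # local policy threshold, not a value taken from the page.
    now = time.time() if now is None else now
    findings = []
    if not obj.get("dns_tunnel_block_list_rpz_zones"):
        findings.append(("dns_tunnel_block_list_rpz_zones", "no mitigation RPZ is configured"))
    if not obj.get("enable_auto_download", False):
        findings.append(("enable_auto_download", "automatic module set download is off"))
    if not obj.get("enable_allowlist_auto_download", False):
        findings.append(("enable_allowlist_auto_download", "allowlist auto download is off"))
    for field in ("module_update_policy", "allowlist_update_policy"):
        if obj.get(field, "AUTOMATIC") != "AUTOMATIC":
            findings.append((field, f"policy is {obj[field]}"))
    updated = obj.get("last_module_update_time")
    if updated is None:
        findings.append(("last_module_update_time", "no module set update recorded"))
    elif now - updated > max_age_days * 86400:
        age = int((now - updated) // 86400)
        findings.append(("last_module_update_time", f"module set is {age} days old"))
    return findings

# Constructed sample response (not real Grid output).
SAMPLE = {
    "enable_auto_download": False,
    "enable_allowlist_auto_download": True,
    "module_update_policy": "MANUAL",
    "allowlist_update_policy": "AUTOMATIC",
    "dns_tunnel_block_list_rpz_zones": [],
    "last_module_update_time": 1_700_000_000,
}

if __name__ == "__main__":
    print(audit_url("https://gm.example.com/wapi/v<version>"))
    for field, finding in audit_threat_insight(SAMPLE, now=1_705_184_000):
        print(f"{field}: {finding}")
```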
Function Calls
download_threat_insight_allowlist_update
Use this method to download and apply an update for the threat insight allowlist.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
is_allowlist ( Bool. ). This parameter is mandatory. Differentiates whether the update is for the allowlist or the moduleset.
Output fields
None
download_threat_insight_moduleset_update
Use this method to download and apply an update for the threat insight moduleset.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
None
Output fields
None
move_blocklist_rpz_to_allow_list
Use this function to replace blocklist RPZ with threat insight allowlists.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
rpz_cnames ( A/An record:rpz:cname object array. ). This parameter is mandatory. The list of RPZ CNAME records to be replaced with threat insight allowlists.
Output fields
None
set_last_uploaded_threat_insight_moduleset
Use this method to set the last uploaded threat insight moduleset and allowlist.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
moduleset_token ( String. ). This parameter is mandatory. The token returned by the uploadinit function call in object fileop.
Output fields
None
test_threat_insight_server_connectivity
Use this method to test threat insight server connectivity.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
None
Output fields
error_messages ( String array. ) The list of error messages for a failed connectivity test.
overall_status ( String. Valid values are: “FAILED”, “SUCCESS” ) The overall connectivity test status.
update_threat_insight_moduleset
Use this method to update the threat insight moduleset and allowlist.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
None
Output fields
None
Fields List
Field | Type | Req | R/O | Base | Search |
---|---|---|---|---|---|
allowlist_update_policy | String | N | N | N | N/A |
configure_domain_collapsing | Bool | N | N | N | N/A |
current_allowlist | String | N | Y | N | N/A |
current_moduleset | String | N | Y | N | N/A |
dns_tunnel_block_list_rpz_zones | [obj] | N | N | N | N/A |
domain_collapsing_level | Unsigned int | N | N | N | N/A |
enable_allowlist_auto_download | Bool | N | N | N | N/A |
enable_allowlist_scheduled_download | Bool | N | N | N | N/A |
enable_auto_download | Bool | N | N | Y | N/A |
enable_scheduled_download | Bool | N | N | Y | N/A |
last_allowlist_update_time | Timestamp | N | Y | N | N/A |
last_allowlist_update_version | String | N | Y | N | N/A |
last_checked_for_allowlist_update | Timestamp | N | Y | N | N/A |
last_checked_for_package_update | Timestamp | N | Y | N | N/A |
last_checked_for_update | Timestamp | N | Y | N | N/A |
last_module_update_time | Timestamp | N | Y | N | N/A |
last_module_update_version | String | N | Y | N | N/A |
last_updated_package_version | String | N | Y | N | N/A |
module_update_policy | String | N | N | Y | N/A |
name | String | N | Y | Y | = |
scheduled_allowlist_download | struct | N | N | N | N/A |
scheduled_download | struct | N | N | N | N/A |