InfoBlox DDI
InfoBlox DDI (DHCP, DNS, and IP address management) is a network management tool that monitors several network services, such as DHCP, DNS, and IP address activity. You can bring host and network data from InfoBlox DDI into Brinqa to gain a comprehensive view of your network's attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with InfoBlox DDI and how to obtain that information from InfoBlox. See create a data integration for step-by-step instructions on setting up the integration.
The InfoBlox DDI connector has been tested and verified with InfoBlox DDI v8.6.2 and above. Compatibility and functionality may differ if you are using other versions of InfoBlox DDI.
Required connection settings
When setting up a data integration, select InfoBlox DDI from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate InfoBlox DDI with Brinqa:
-
InfoBlox server: Your organization's InfoBlox DDI server URL. The default format is
https://<servername>
. -
Username and Password: The username and password associated with the InfoBlox user, which must have permissions to log in to the API server and return data.
InfoBlox DDI permissions
For the InfoBlox DDI connector to access the InfoBlox API and retrieve data, the account used in the integration configuration must have the appropriate permissions and API access.
To create the necessary role and user group with the required permissions, follow these steps:
-
Log in to your organization's InfoBlox DDI portal as an administrator.
-
Navigate to Administration > Administrators > Roles and click + to create a new role.
-
Enter a Name for the new role and click Next.
-
On the Extensible Attributes page, click Next, then click Save & Add Permissions.
-
On the Permissions page, click + and add the following
Read-Only
permissions to the new role:All Hosts
All IPv4 Host Addresses
All IPv4 Networks
All IPv6 Host Addresses
All IPv6 Networks
All Network Views
Port Control
-
Click Save & Close.
-
Navigate to Administration > Administrators > Groups and click + to create a new group.
-
Enter a Name for the new group and click Next.
-
Under Allowed Interfaces, select API, then click +.
-
Click Custom Roles, select the custom role you created in the earlier steps, and then click Save & Close.
-
Navigate to Administration > Administrators > Users.
-
Select the user you want to add to the group, and then click Edit.
This should be the user whose credentials are entered in the integration configuration.
-
In the Available User Groups table, select the group you created in the earlier steps.
-
Click Save & Close.
If you do not have permissions to create a new role and group, contact your InfoBlox DDI administrator. For additional information, see the InfoBlox DDI documentation on Creating Roles, Creating User Groups, and Editing Users.
Additional settings
The InfoBlox DDI connector contains an additional option for configuration:
- Skip certificate verification: Select this option to allow for untrusted certificates.
Types of data to retrieve
The InfoBlox connector can retrieve the following types of data from the InfoBlox API:
Table 1: Data retrieved from InfoBlox DDI
Connector Object | Required | Maps to Data Model |
---|---|---|
Host | No | Host |
Network | No | IP Range |
For detailed steps on how to view the data retrieved from InfoBlox DDI in the Brinqa Platform, see How to view your data.
Attribute mappings
Click the tabs below to view the mappings between the source and the Brinqa data model attributes.
- Host
- Network
Table 2: Host attribute mappings
Source Field Name | Maps to Attribute |
---|---|
_REF | uid |
ASSET_CATEGORY_HOST | categories |
DNS_NAME | dnsNames, publicDnsNames, privateDnsNames |
NAME | name |
Table 3: Network attribute mappings
Source Field Name | Maps to Attribute |
---|---|
_REF | uid |
ASSET_CATEGORY_NETWORK | categories |
COMMENT | description |
EMAIL_LIST | emails |
NETWORK | name |
Operation options
The InfoBlox DDI connector supports the following operation options. See connector operation options for information about how to apply them.
Table 4: InfoBlox DDI connector operation options
Connector Object | Option | All Possible Values | Description | Example |
---|---|---|---|---|
Host | QUERY | Any valid query expression | Filter hosts based on specific query conditions as supported by InfoBlox NIOS API. | Key: QUERY Value: disable=false . This key and value combination only retrieves active hosts. |
Network | QUERY | Any valid query expression | Filter networks based on specific query conditions as supported by InfoBlox NIOS API. | Key: QUERY Value: network:~ = localdomain&platform=VNIOS . This key and value combination only retrieves networks matching the localdomain and platform=VNIOS . |
ATTRS_TO_GET | Any valid attribute names | A comma-separated list of attributes. Specify the attributes to retrieve for networks. | Key: ATTRS_TO_GET Value: [network,comment,email_list,disable,netmask] . This key and value combination only retrieves the specified attributes for networks. |
APIs
The InfoBlox DDI connector uses the InfoBlox NIOS API v1.
Table 5: InfoBlox DDI API Endpoints
Connector Object | API Endpoints |
---|---|
Host | GET /wapi/v{version}/record:host |
GET /wapi/v{version}/extensibleattributedef | |
Network | GET /wapi/v{version}/network |
GET /wapi/v{version}/extensibleattributedef |
Changelog
The InfoBlox DDI connector has undergone the following changes:
3.0.0
- Initial Integration+ release.