b1td Class

- class bloxone.b1td(cfg_file='config.ini')
  BloxOne ThreatDefence API Wrapper
  Covers TIDE and Dossier
- dossier_sources()
  Get Sources for Dossier
  - Returns
    Requests response object
  - Return type
    response object
- dossierquery(query, type='host', sources='all', wait=True)
  Simple Dossier Query
  - Parameters
    query (str) – query data
    type (str) – “host”, “ip” or “url”
    sources (str) – set of sources or “all”
  - Returns
    Requests response object
  - Return type
    response object
- expand_mitre_vector(mitre)
  Expand MITRE Vector details
  - Parameters
    mitre (str) – MITRE Vector
  - Returns
    Requests response object
  - Return type
    response object
- get(objpath, **params)
  Generic get object wrapper for TIDE data objects
  - Parameters
    objpath (str) – Swagger object path
    action (str) – Optional object action
  - Returns
    Requests response object
  - Return type
    response object
- post(objpath, body='')
  Generic create object wrapper for ddi objects
  - Parameters
    objpath (str) – Swagger object path
    body (str) – JSON formatted data payload
  - Returns
    Requests response object
  - Return type
    response object
- querytide(datatype, query, **params)
  Query Infoblox TIDE for all available threat data related to query.
  - Parameters
    datatype (str) – “host”, “ip” or “url”
    query (str) – query data
  - Returns
    Requests response object
  - Return type
    response object
- querytideactive(datatype, query, **params)
  Query Infoblox TIDE for “active” threat data, i.e. threat data that has not expired at time of call
  - Parameters
    datatype (str) – “host”, “ip” or “url”
    query (str) – query data
  - Returns
    Requests response object
  - Return type
    response object
- querytidestate(datatype, query, **params)
  Query Infoblox TIDE State Tables for specific query
  - Parameters
    datatype (str) – “host”, “ip” or “url”
    query (str) – query data
  - Returns
    Requests response object
  - Return type
    response object
- threat_actor(name)
  Get Threat Actor details
  - Parameters
    name (str) – Name of Threat Actor
  - Returns
    Requests response object
  - Return type
    response object
- threat_classes(**params)
  Get list of threat classes
  Parameters:
  - Returns
    Requests response object
  - Return type
    response object
- threat_properties(threatclass='', **params)
  Get list of threat properties
  - Parameters
    threatclass (str) – Threat Class
  - Returns
    Requests response object
  - Return type
    response object
- tideactivefeed(datatype, profile='', threatclass='', threatproperty='', **params)
  Bulk “active” threat intel download from Infoblox TIDE state tables for specified datatype.
  - Parameters
    datatype (str) – “host”, “ip” or “url”
    profile (str, optional) – Data provider
    threatclass (str, optional) – tide data class
    threatproperty (str, optional) – tide data property
  - Returns
    Requests response object
  - Return type
    response object
- tidedatafeed(datatype, profile='', threatclass='', threatproperty='', **params)
  Bulk threat intel download from Infoblox TIDE for specified datatype. Please use wisely.
  - Parameters
    datatype (str) – “host”, “ip” or “url”
    profile (str, optional) – Data provider
    threatclass (str, optional) – tide data class
    threatproperty (str, optional) – tide data property
  - Returns
    Requests response object
  - Return type
    response object
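Every method above returns the Requests response object rather than parsed data, so the caller has to check the HTTP status and decode the body. The following is an added example, not code from the bloxone project: it triages indicators through querytideactive() and keeps "lookup failed" distinct from "no active record". The function and stub names, the sample indicators, and the response layout (a top-level "threat" list whose records carry a "class" key) are assumptions; with the real library, pass bloxone.b1td('config.ini') in place of the stub.

```python
import json

VALID_TYPES = ("host", "ip", "url")  # datatypes listed on this page

def triage_active(client, indicators):
    """Look up (datatype, value) pairs via client.querytideactive()."""
    out = {}
    for datatype, value in indicators:
        if datatype not in VALID_TYPES:
            out[value] = {"status": "skipped", "detail": "unsupported datatype"}
            continue
        resp = client.querytideactive(datatype, value)
        # The documented return value is a Requests response, so check status here.
        if resp.status_code != 200:
            out[value] = {"status": "error", "detail": f"HTTP {resp.status_code}"}
            continue
        try:
            body = resp.json()
        except ValueError:  # body was not JSON (e.g. a proxy error page)
            out[value] = {"status": "error", "detail": "non-JSON body"}
            continue
        # Assumption: records sit in a top-level "threat" list with a "class" key.
        threats = body.get("threat", []) if isinstance(body, dict) else []
        classes = sorted({t.get("class", "unknown") for t in threats})
        out[value] = {"status": "listed" if threats else "not_listed", "classes": classes}
    return out

class StubResponse:
    """Constructed stand-in for a Requests response (status_code, json())."""
    def __init__(self, status_code, text):
        self.status_code, self.text = status_code, text
    def json(self):
        return json.loads(self.text)

class StubB1TD:
    """Constructed stand-in for bloxone.b1td so the example runs offline."""
    CANNED = {  # constructed sample responses, not real TIDE data
        "bad.example": (200, '{"threat": [{"class": "Phishing"}, {"class": "MalwareC2"}]}'),
        "ok.example": (200, '{"threat": []}'),
        "192.0.2.10": (401, "unauthorised"),
        "http://broken.example/": (200, "<html>gateway error</html>"),
    }
    def querytideactive(self, datatype, query, **params):
        return StubResponse(*self.CANNED[query])

SAMPLE = [("host", "bad.example"), ("host", "ok.example"), ("ip", "192.0.2.10"),
          ("url", "http://broken.example/"), ("email", "x@example")]

if __name__ == "__main__":
    for value, verdict in triage_active(StubB1TD(), SAMPLE).items():
        print(value, verdict)
```

A "not_listed" result only means no active record was returned for that indicator; an "error" result should be retried or escalated rather than treated as not listed.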