b1td Class
-
class bloxone.b1td(cfg_file='config.ini')
BloxOne ThreatDefence API Wrapper. Covers TIDE and Dossier.
-
dossier_sources()
Get Sources for Dossier
Returns: Requests response object
Return type: response object
-
dossierquery(query, type='host', sources='all')
Simple Dossier Query
Parameters:
- query (str) – query data
- type (str) – “host”, “ip” or “url”
- sources (str) – set of sources or “all”
Returns: Requests response object
Return type: response object
-
expand_mitre_vector(mitre)
Expand MITRE Vector details
Parameters: mitre (str) – MITRE Vector
Returns: Requests response object
Return type: response object
-
get(objpath, action='', **params)
Generic get object wrapper for TIDE data objects
Parameters:
- objpath (str) – Swagger object path
- action (str) – Optional object action
Returns: Requests response object
Return type: response object
-
post(objpath, body='')
Generic create object wrapper for ddi objects
Parameters:
- objpath (str) – Swagger object path
- body (str) – JSON formatted data payload
Returns: Requests response object
Return type: response object
-
querytide(datatype, query, **params)
Query Infoblox TIDE for all available threat data related to query.
Parameters:
- datatype (str) – “host”, “ip” or “url”
- query (str) – query data
Returns: Requests response object
Return type: response object
-
querytideactive(datatype, query, **params)
Query Infoblox TIDE for “active” threat data, i.e. threat data that has not expired at the time of the call
Parameters:
- datatype (str) – “host”, “ip” or “url”
- query (str) – query data
Returns: Requests response object
Return type: response object
-
querytidestate(datatype, query, **params)
Query Infoblox TIDE State Tables for specific query
Parameters:
- datatype (str) – “host”, “ip” or “url”
- query (str) – query data
Returns: Requests response object
Return type: response object
-
threat_actor(name)
Get Threat Actor details
Parameters: name (str) – Name of Threat Actor
Returns: Requests response object
Return type: response object
-
threat_classes(**params)
Get list of threat classes
Parameters:
Returns: Requests response object
Return type: response object
-
threat_properties(threatclass='', **params)
Get list of threat properties
Parameters: threatclass (str) – Threat Class
Returns: Requests response object
Return type: response object
-
tideactivefeed(datatype, profile='', threatclass='', threatproperty='', **params)
Bulk “active” threat intel download from Infoblox TIDE state tables for specified datatype.
Parameters:
- datatype (str) – “host”, “ip” or “url”
- profile (str, optional) – Data provider
- threatclass (str, optional) – tide data class
- threatproperty (str, optional) – tide data property
Returns: Requests response object
Return type: response object
-
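Because every method above returns the raw Requests response, the caller has to choose the datatype and check the HTTP status itself; otherwise a failed call can read as "no active threat data". The following is an added example, not code from the bloxone project, showing this for querytideactive(). The helpers `tide_datatype` and `active_threats`, the stub classes, and their canned replies are constructed for illustration so the block runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

def tide_datatype(indicator):
    """Pick the datatype string ("host", "ip" or "url") for an indicator."""
    try:
        ipaddress.ip_address(indicator)
        return "ip"
    except ValueError:
        pass
    if urlsplit(indicator).scheme in ("http", "https"):
        return "url"
    return "host"

def active_threats(client, indicators):
    """Query each indicator; record HTTP failures instead of hiding them."""
    results = {}
    for item in indicators:
        datatype = tide_datatype(item)
        response = client.querytideactive(datatype, item)
        # The wrapper returns the response unchanged: check status before the body.
        if response.status_code != 200:
            results[item] = {"datatype": datatype, "error": response.status_code}
            continue
        results[item] = {"datatype": datatype, "data": response.json()}
    return results

class StubResponse:
    """Constructed stand-in for a Requests response (offline demo only)."""
    def __init__(self, status_code, body):
        self.status_code = status_code
        self._body = body
    def json(self):
        return self._body

class StubClient:
    """Constructed stand-in for bloxone.b1td with canned replies."""
    def querytideactive(self, datatype, query, **params):
        if datatype == "url":
            return StubResponse(401, {})  # simulated authentication failure
        return StubResponse(200, {"constructed": True, "type": datatype})

if __name__ == "__main__":
    # Real use (needs the library and a config file):
    #   client = bloxone.b1td(cfg_file='config.ini')
    sample = ["198.51.100.7", "malware.example", "http://malware.example/a"]
    for indicator, outcome in active_threats(StubClient(), sample).items():
        print(indicator, outcome)
```

Entries carrying an "error" key mean the lookup failed, not that the indicator is clean, and should be retried or escalated rather than dropped.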