b1td Class

class bloxone.b1td(cfg_file='config.ini')

BloxOne ThreatDefence API Wrapper. Covers TIDE and Dossier.

default_ttl()
dossier_sources()

Get Sources for Dossier

Returns:Requests response object
Return type:response object
dossier_target_sources(type='host')

Get supported sources for a Dossier target type

Parameters:type (str) – target type
Returns:Requests response object
Return type:response object
dossier_target_types()

Get supported target types for Dossier

Returns:Requests response object
Return type:response object
dossierquery(query, type='host', sources='all', wait=True)

Simple Dossier Query

Parameters:
  • query (str or list) – single query or list of same type
  • type (str) – “host”, “ip” or “url”
  • sources (str) – set of sources or “all”
Returns:Requests response object
Return type:response object

expand_mitre_vector(mitre)

Expand MITRE Vector details

Parameters:mitre (str) – MITRE Vector
Returns:Requests response object
Return type:response object
get(objpath, **params)

Generic get object wrapper for TIDE data objects

Parameters:
  • objpath (str) – Swagger object path
  • action (str) – Optional object action
Returns:Requests response object
Return type:response object

historical_threat_counts()

Query Infoblox TIDE for historical threat counts

Returns:Requests response object
Return type:response object
post(objpath, body='')

Generic create object wrapper for ddi objects

Parameters:
  • objpath (str) – Swagger object path
  • body (str) – JSON formatted data payload
Returns:Requests response object
Return type:response object

querytide(datatype, query, **params)

Query Infoblox TIDE for all available threat data related to query.

Parameters:
  • datatype (str) – “host”, “ip” or “url”
  • query (str) – query data
Returns:Requests response object
Return type:response object

querytideactive(datatype, query, **params)

Query Infoblox TIDE for “active” threat data, i.e. threat data that has not expired at the time of the call

Parameters:
  • datatype (str) – “host”, “ip” or “url”
  • query (str) – query data
Returns:Requests response object
Return type:response object

querytidestate(datatype, query, **params)

Query Infoblox TIDE State Tables for specific query

Parameters:
  • datatype (str) – “host”, “ip” or “url”
  • query (str) – query data
Returns:Requests response object
Return type:response object

threat_actor(name)

Get Threat Actor details

Parameters:name (str) – Name of Threat Actor
Returns:Requests response object
Return type:response object
threat_classes(**params)

Get list of threat classes

Parameters:

Returns:Requests response object
Return type:response object
threat_counts()

Query Infoblox TIDE for active threat counts

Returns:Requests response object
Return type:response object
threat_properties(threatclass='', **params)

Get list of threat properties

Parameters:threatclass (str) – Threat Class
Returns:Requests response object
Return type:response object
tideactivefeed(datatype, profile='', threatclass='', threatproperty='', **params)

Bulk “active” threat intel download from Infoblox TIDE state tables for specified datatype.

Parameters:
  • datatype (str) – “host”, “ip” or “url”
  • profile (str, optional) – Data provider
  • threatclass (str, optional) – TIDE data class
  • threatproperty (str, optional) – TIDE data property
Returns:Requests response object
Return type:response object

tidedatafeed(datatype, profile='', threatclass='', threatproperty='', **params)

Bulk threat intel download from Infoblox TIDE for specified datatype. Please use wisely.

Parameters:
  • datatype (str) – “host”, “ip” or “url”
  • profile (str, optional) – Data provider
  • threatclass (str, optional) – TIDE data class
  • threatproperty (str, optional) – TIDE data property
Returns:Requests response object
Return type:response object
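
An added usage example (not part of the bloxone documentation or source) showing one way to triage a mixed list of indicators with querytideactive(): it picks the “host”, “ip” or “url” datatype per indicator and records HTTP failures separately from clean results. The stub classes, the sample indicators and the JSON layout (a top-level "threat" list whose entries carry a "class" key) are assumptions made so the example runs offline.

```python
import ipaddress
from urllib.parse import urlparse

def tide_datatype(indicator):
    """Pick the datatype string ("host", "ip" or "url") for an indicator."""
    try:
        ipaddress.ip_address(indicator)
        return "ip"
    except ValueError:
        pass
    return "url" if urlparse(indicator).scheme in ("http", "https") else "host"

def triage(client, indicators):
    """Query TIDE active threat data per indicator; return {indicator: verdict}."""
    verdicts = {}
    for ioc in indicators:
        resp = client.querytideactive(tide_datatype(ioc), ioc)
        if resp.status_code != 200:
            # An API or auth failure is recorded as an error, never as "clean".
            verdicts[ioc] = {"status": "error", "http": resp.status_code}
            continue
        # Assumed body layout: {"threat": [{"class": ..., "property": ...}, ...]}
        threats = resp.json().get("threat", [])
        verdicts[ioc] = {
            "status": "listed" if threats else "not_listed",
            "classes": sorted({t.get("class", "unknown") for t in threats}),
        }
    return verdicts

class StubResponse:
    """Constructed stand-in for a Requests response object."""
    def __init__(self, status_code, payload):
        self.status_code, self._payload = status_code, payload
    def json(self):
        return self._payload

class StubB1TD:
    """Offline stand-in for bloxone.b1td; all records are constructed samples."""
    DATA = {("host", "c2.example.net"): [{"class": "MalwareC2"}],
            ("url", "http://phish.example.org/login"): [{"class": "Phishing"}]}
    def querytideactive(self, datatype, query, **params):
        if query == "203.0.113.9":  # constructed case: simulate a rejected API key
            return StubResponse(401, {})
        return StubResponse(200, {"threat": self.DATA.get((datatype, query), [])})

if __name__ == "__main__":
    # Real use (assumes valid credentials): client = bloxone.b1td('config.ini')
    print(triage(StubB1TD(), ["c2.example.net", "203.0.113.9", "www.example.com"]))
```

Treating a non-200 response as "error" rather than "not_listed" keeps an expired key or rate limit from silently turning every lookup into a clean verdict.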