A collection of tools, notes, and templates for integrating the Infoblox NIOS platform with Rapid7
Summary of notes from Infoblox Rapid7 integration based on the Infoblox Deployment Guide
| Name | Purpose |
|---|---|
Rapid7_Nexpose_Login.json.txt |
Rapid7 Login Template |
Rapid7_Nexpose_Logout.json.txt |
Rapid7 Logout Template |
Rapid7_Nexpose_Assets.json.txt |
Rapid7 Assets Template |
Rapid7_Nexpose_Security.json.txt |
Rapid7 Security Templatae |
Rapid7_Nexpose_Session.json.txt |
Rapid7 Session Template |
| Name | Description |
|---|---|
R7_create_EAs.php |
PHP script to create Infoblox Extensible Attributes |
ibx-r7-ea.py |
Python script to create Infoblox EA, retreive R7 Sites and templates |
- All Hosts - RW
- All DHCP v4/v6 Fixed Addresses and Reservations - RW
- All IPv4/IPv6 Networks - RW
- Specify Scan Targets
- Start Unscheduled Scans
- “Site Access” to Sites being used
Warning
R7_LastScan and R7_SyncedAt are updated by the assets management template. These extensible attributes should never be updated manually.
Caution
DHCP ranges should not be synced with Rapid7 due to the amount of traffic that can potentially cause issues with rabbitmq. The parent network should be configured to sync instead.
- R7_AddByHostname adds Host records to R7 Site
- All attributes should be set with “Enable Inheritance”
- All attributes should be set as “recommended” except R7_SyncedAt and R7_LastScan
| Name | Default | Description | Type |
|---|---|---|---|
R7_AddByHostname |
False | Defines if a host should be synced with Rapid7 Nexpose a hostname. The hostname should be resolvable by Nexpose | ENUM |
R7_LastScan |
None | Contains a date when an asset was scanned last time by a request from Infoblox | DATE |
R7_SyncedAt |
None | Contains date/time when the object was synchronized | DATE |
R7_NetToSite |
True | Defines if a network should be added to a site. | ENUM |
R7_RangeToSite |
False | Defines if a range should be added to a site | ENUM |
R7_ScanOnAdd |
True | Defines if an asset should be scanned immediately after creation | ENUM |
R7_ScanOnEvent |
False | Defines if an asset should be scanned if RPZ or DNS Tunneling events are triggered | ENUM |
R7_ScanTemplate |
Defines which Rapid7 Nexpose/ InsightVM scan template to use | ENUM | |
R7_Sync |
True | Defines if an object should be synced with Rapid7 Nexpose | ENUM |
R7_Site |
Defines a Rapid7 Site Name | ENUM | |
R7_SiteID |
None | Contains an internal site ID | INTEGER |
- Setup Python venv
python3 -m venv venv
- Change to new environment
source venv/bin/activate
- Install Required Packages
pip install -r requirements.txt
$ ./ibx-r7-ea.py --help
Usage: ibx-r7-ea.py [OPTIONS]
Options:
Rapid7 Server Options:
--rapid7host TEXT Rapid7 Server
--rapid7user TEXT Rapid7 User
Rapid7 Actions:
--sites List Rapid7 Sites
--templates List Rapid7 Scan Templates
Infoblox Grid Options:
--grdmgr TEXT Infoblox Grid Master
--grdusr TEXT Infoblox Grid User
Infoblox Actions:
--ea List Infoblox R7 Extensible Attributes
Infoblox Creation Actions:
--create Create Infoblox R7 Extensible Attributes
--sync Sync R7 Sites and Templates with Infoblox on EA
creation
--help Show this message and exit.
./ibx-r7-ea.py --rapid7host 10.113.20.40 --rapid7user infoblox --templates
./ibx-r7-ea.py --rapid7host 10.113.20.40 --rapid7user infoblox --sites
./ibx-r7-ea.py --grdmgr 192.168.1.2 --grdusr admin --ea
./ibx-r7-ea.py --rapid7host 10.113.20.40 --rapid7user infoblox --create --grdmgr 192.168.1.2 --grdusr admin
./ibx-r7-ea.py --rapid7host 10.113.20.40 --rapid7user infoblox --create --grdmgr 192.168.1.2 --grdusr admin --sync
