InfoBlox BloxOneDDI & BloxOne Threat Defense Powershell Module
A series of PowerShell Cmdlets used to interact with the InfoBlox BloxOne APIs.
Key Features • How To Use • Github • Resources • License • Powershell Gallery
Key Features¶
- Automate end-to-end deployments of BloxOne
- Create, Edit & Remove objects from BloxOne Cloud (Records, Subnets, Ranges, Zones, HAGroups, etc.)
- Apply DNS/DHCP Configuration Policies to On-Prem hosts
- Deploy Azure, VMware & Hyper-V BloxOne Appliances
- Deploy / Configure / Manage Hosts & Services
- Query DNS/DHCP/Host/Audit/Security logs
- Interact with the TIDE API
- Build custom scripts/functions leveraging the BloxOne Wrapper Cmdlets.
- Fully featured NIOS Wrapper using Native API or BloxOne Federation NIOS Wrapper Cmdlets
- Automate the world!
Feature Requests¶
- If the cmdlet you are looking for is not yet built into the Module, you can raise a feature request via Github Issues.
- You can also use this module as a generic wrapper by leveraging the: BloxOne Wrapper Cmdlets & NIOS Wrapper Cmdlets.
How To Use¶
The easiest option to install the ibPS Module is to use the PowerShell Gallery.
Loading ibPS Module¶
You can either load the cmdlets directly, or Import/Install it as a PowerShell Module.
Installing from Powershell Gallery¶
# Install for all users (Requires run as administrator)
Install-Module -Name ibPS -Scope AllUsers
# Install for current user
Install-Module -Name ibPS -Scope CurrentUser
Installing from Github¶
You can install from source directly from Github using the command below.
You can optionally also append the branch name at the end, as shown below
Installing/Updating with Install.ps1¶
You can install with the Install.ps1 script.
# Clone this repository on Windows
$ git clone https://github.com/TehMuffinMoo/ibPS/
# Go into the repository
$ cd ibPS/
# Install Module
. .\Install.ps1
# Non-Interactive Install Module
. .\Install.ps1 -Selection i
Updating ibPS automatically¶
# You can upgrade ibPS directly from the module by using the following cmdlet
Get-ibPSVersion -Update
Explicitly Import Module¶
# You can import the module directly by using;
Import-Module -Name ".\Modules\ibPS\BloxOne-Main.psm1" -DisableNameChecking
Explicitly Import Functions¶
Authentication (API Key)¶
In order to authenticate against the BloxOne CSP (Cloud Services Portal), you must first set your API Key. There are a few ways to do this, depending on your use-case.
Managing a single BloxOne Account¶
When managing a single BloxOne Account, you can use the 'Global' configuration. You can do this for either your current powershell session or save the API Key as persistent for your current user.
Using the 'Global' method will always override any active configuration profiles. This can be useful if you want to quickly test a new API key, without having to save it as a connection profile.
Persistent¶
To store your API Key permanently for your user, you can specify the -Persist option as shown below.
Single Session¶
Alternatively, you can simply store your API Key for the current powershell session only.
Environment Variable¶
You can additionally pass the API Key via an Environment Variable. This will pass in the credentials as clear text, but can be used for non-persistent transactions such as leveraging ibPS via Ansible .
Managing multiple BloxOne Accounts¶
When managing more than one account, you can use the Profiles configuration. Configuration Profiles enable you to save API keys for multiple accounts, and easily switch between them.
See Get-B1ConnectionProfile for more information
BloxOne Cmdlets¶
All Cmdlets are listed in the left-hand menu. You can also use the Get-Help cmdlet to get detailed information on usage. Example;
Common Parameters¶
Supported Get-* cmdlets have -Strict, -CaseSensitive, -tfilter, -Fields, -OrderBy, -OrderByTag, -Limit & -Offset parameters. Their use is described below.
| Parameter | Description |
|---|---|
| -Strict |
This is used to apply strict name checking when querying objects. The default is to perform wildcard/lazy matches based on submitted query parameters. When using -Strict, search parameters use the := operator, ensuring only exact matches. This is a case-insensitive search by default. To do a case-sensitive search, specify the -CaseSensitive switch parameter which will instead use the == operatorWhen not using -Strict, search parameters use the ~ operator, this matches based on a regex string. A global regex modifier (?i) is automatically appended to search parameters. If you want to use case-sensitive regex, you can optionally specify the -CaseSensitive parameter on supported functions.
|
| -CaseSensitive |
This is used to perform Case Sensitive matching. The default is to perform case-insensitive matches based on submitted query parameters. The nature of the BloxOne API means that not all API endpoints support case-sensitive searching. This is reflected by the -CaseSensitive parameter being present or ommitted from functions based on the support for it in the API.See -Strict for more information about the mechanism this uses. |
| -tfilter |
This is used to filter results of your query by tags.
Get-B1Record -tfilter '("myTag"=="val1" or "myOtherTag"~"partvalue")'
|
| -Fields |
This is used to filter the fields returned by the API
Get-B1Record -Fields name_in_zone,absolute_zone_name,rdata |
| -OrderBy |
This is used to order the results returned from the API. It defaults to ascending if no suffix is set, but can be set using 'asc' or 'desc' as shown below.
Get-B1Host -OrderBy 'display_name asc' |
| -OrderByTag |
This is used to order the results returned from the API based on tag. It defaults to ascending if no suffix is set, but can be set using 'asc' or 'desc' as shown below.
Get-B1Host -OrderByTag 'nios/grid_name desc' |
| -Limit |
This is used to specify the number of results to return from the API.
Get-B1ServiceLog -B1Host MyB1Host -Start (Get-Date).AddHours(-6) -Limit 1000 |
| -Offset |
The -Offset parameter will offset the results returned by the amount specified. This is used in combination with -Limit to achieve pagination of API results.
Get-B1ServiceLog -B1Host MyB1Host -Start (Get-Date).AddHours(-6) -Limit 1000 -Offset 1000 |
| -CustomFilters | The -CustomFilters parameter allows you to use custom filters when interacting with the API and supports inputs as String, Object or ArrayList. See the Custom Filters section for usage information. |
-CustomFilters¶
The -CustomFilters parameter can be used to apply custom filtering to API calls. The filters are logical expression strings that includes JSON tag references to values in each resource, literal values, and logical operators.
Literal values include numbers (integer and floating-point), and quoted (both single- or double-quoted) literal strings, and 'null’. The following operators are commonly used in filter expressions:
| Operator | Description |
|---|---|
| == | Equal |
| != | Not Equal |
| := | Equal (Case Insensitive) |
| > | Greater Than |
| >= | Greater Than or Equal To |
| < | Less Than |
| <= | Less Than or Equal To |
| ~ | Matches Regex |
| !~ | Does Not Match Regex |
| and | Logical AND |
| or | Logical OR |
| not | Logical NOT |
| () | Groupping Operators |
It supports inputs as either String, Object or ArrayList as shown below.
String¶
Object¶
When using Object type, all filters are assumed to use the Logical AND Operator.
$CustomFilters = @(
@{
"Property"="name"
"Operator"="~"
"Value"="postman"
}
@{
"Property"="state"
"Operator"="=="
"Value"="enabled"
}
)
ArrayList¶
When using ArrayList type, all filters are assumed to use the Logical AND Operator.
[System.Collections.ArrayList]$CustomFilters = @()
$CustomFilters.Add('name~"postman"') | Out-Null
$CustomFilters.Add('state=="enabled"') | Out-Null
General Cmdlets¶
Get-ibPSVersion -CheckForUpdates
# Gets the ibPS Module Version.
# Using -CheckForUpdates optionally checks if ibPS is up to date
# Using -Update will optionally perform an in place upgrade of the ibPS module
# Using -Force will force the update/replacement of ibPS, regardless of the current version
Pipeline Support¶
Pipeline input for Set- & Remove- cmdlets is being developed, to allow more flexible usage of ibPS. The table below shows the current support for this feature.
| Cmdlet | Pipeline Input Supported | Supported Input Cmdlets |
|---|---|---|
| Reboot-B1Host | Get-B1Host | |
| Remove-B1DNSView | Get-B1DNSView | |
| Remove-B1Space | Get-B1Space | |
| Remove-B1AddressBlock | Get-B1AddressBlock | |
| Remove-B1AddressReservation | Get-B1Address | |
| Remove-B1AuthoritativeZone | Get-B1AuthoritativeZone | |
| Remove-B1ForwardZone | Get-B1ForwardZone | |
| Remove-B1FixedAddress | Get-B1FixedAddress | |
| Remove-B1Host | Get-B1Host | |
| Remove-B1Range | Get-B1Range | |
| Remove-B1Record | Get-B1Record | |
| Remove-B1Service | Get-B1Service | |
| Remove-B1Subnet | Get-B1Subnet | |
| Remove-B1APIKey | Get-B1APIKey | |
| Remove-B1HAGroup | Get-B1HAGroup | |
| Remove-B1DHCPConfigProfile | Get-B1DHCPConfigProfile | |
| Remove-B1DNSConfigProfile | Get-B1DNSConfigProfile | |
| Remove-B1InternalDomainList | Get-B1InternalDomainList | |
| Remove-B1CustomList | Get-B1CustomList | |
| Remove-B1Location | Get-B1Location | |
| Remove-B1DTCServer | Get-B1DTCServer | |
| Remove-B1DTCPool | Get-B1DTCPool | |
| Remove-B1DTCPolicy | Get-B1DTCPolicy | |
| Remove-B1DTCLBDN | Get-B1DTCLBDN | |
| Remove-B1DTCHealthCheck | Get-B1DTCHealthCheck | |
| Set-B1DTCServer | Get-B1DTCServer | |
| Set-B1DTCPool | Get-B1DTCPool | |
| Set-B1DTCPolicy | Get-B1DTCPolicy | |
| Set-B1DTCLBDN | Get-B1DTCLBDN | |
| Set-B1DTCHealthCheck | Get-B1DTCHealthCheck | |
| Set-B1AddressBlock | Get-B1AddressBlock | |
| Set-B1AuthoritativeZone | Get-B1AuthoritativeZone | |
| Set-B1DHCPConfigProfile | Get-B1DHCPConfigProfile | |
| Set-B1FixedAddress | Get-B1FixedAddress | |
| Set-B1ForwardNSG | Get-B1ForwardNSG | |
| Set-B1ForwardZone | Get-B1ForwardZone | |
| Set-B1Location | Get-B1Location | |
| Set-B1Host | Get-B1Host | |
| Set-B1Range | Get-B1Range | |
| Set-B1Record | Get-B1Record | |
| Set-B1Subnet | Get-B1Subnet | |
| Set-B1APIKey | Get-B1APIKey | |
| Set-B1HAGroup | Get-B1HAGroup | |
| Start-B1DiagnosticTask | Get-B1Host | |
| Start-B1Service | Get-B1Service | |
| Stop-B1Service | Get-B1Service | |
| Set-B1TideDataProfile | Get-B1TideDataProfile | |
| Set-B1InternalDomainList | Get-B1InternalDomainList | |
| Set-B1CustomList | Get-B1CustomList | |
| Remove-B1SecurityPolicy | Get-B1SecurityPolicy | |
| Remove-B1NetworkList | Get-B1NetworkList | |
| Get-B1DossierLookup | Start-B1DossierLookup | |
| Set-B1Object | Get-B1Object | |
| Get-B1ZoneChild | Get-B1DNSView Get-B1AuthoritativeZone Get-B1ForwardZone |
|
| Get-B1IPAMChild | Get-B1Space Get-B1AddressBlock Get-B1Subnet Get-B1Range |
|
| Get-B1AddressBlockNextAvailable | Get-B1AddressBlock | |
| Get-B1AddressNextAvailable | Get-B1Address Get-B1Subnet Get-B1Range |
|
| Get-B1SubnetNextAvailable | Get-B1AddressBlock | |
| Get-NetworkInfo | Get-B1AddressBlock Get-B1Subnet Get-B1AddressBlockNextAvailable Get-B1SubnetNextAvailable |
|
| Get-B1SecurityPolicyRules | Get-B1SecurityPolicy | |
| Get-B1SOCInsightAssets | Get-B1SOCInsight | |
| Get-B1SOCInsightComments | Get-B1SOCInsight | |
| Get-B1SOCInsightEvents | Get-B1SOCInsight | |
| Get-B1SOCInsightIndicators | Get-B1SOCInsight | |
| Set-B1SOCInsight | Get-B1SOCInsight | |
| Resolve-DoHQuery | Get-B1SecurityPolicy |
Development Lifecycle¶
All new commits will first be made to the dev branch until tested. Once these changes are merged into main branch, Github actions are used to package both the PowerShell Module and its documentation and subsequently publish to PowerShell Gallery.
Resources¶
This PowerShell Module makes use of the following InfoBlox APIs;
License¶
MIT