Skip to content



InfoBlox BloxOneDDI & BloxOne Threat Defense Powershell Module

A series of PowerShell Cmdlets used to interact with the InfoBlox BloxOne APIs.

Key FeaturesHow To UseGithubResourcesLicensePowershell Gallery

Key Features

  • Automate end-to-end deployments of BloxOne
  • Create, Edit & Remove objects from BloxOne Cloud (Records, Subnets, Ranges, Zones, HAGroups, etc.)
  • Apply DNS/DHCP Configuration Policies to On-Prem hosts
  • Deploy Azure, VMware & Hyper-V BloxOne Appliances
  • Deploy / Configure / Manage Hosts & Services
  • Query DNS/DHCP/Host/Audit/Security logs
  • Interact with the TIDE API
  • Build custom scripts/functions leveraging the BloxOne Wrapper Cmdlets.
  • Fully featured NIOS Wrapper using Native API or BloxOne Federation NIOS Wrapper Cmdlets
  • Automate the world!

Feature Requests

  • If the cmdlet you are looking for is not yet built into the Module, you can raise a feature request via Github Issues.
  • You can also use this module as a generic wrapper by leveraging the: BloxOne Wrapper Cmdlets & NIOS Wrapper Cmdlets.

How To Use

The easiest option to install the ibPS Module is to use the PowerShell Gallery.

Loading ibPS Module

You can either load the cmdlets directly, or Import/Install it as a PowerShell Module.

# Install for all users (Requires run as administrator)
Install-Module -Name ibPS -Scope AllUsers

# Install for current user
Install-Module -Name ibPS -Scope CurrentUser

Installing from Github

You can install from source directly from Github using the command below.

iex "& {$(irm https://raw.githubusercontent.com/TehMuffinMoo/ibPS/main/Install.ps1)} s"

You can optionally also append the branch name at the end, as shown below

iex "& {$(irm https://raw.githubusercontent.com/TehMuffinMoo/ibPS/main/Install.ps1)} s dev"

Installing/Updating with Install.ps1

You can install with the Install.ps1 script.

# Clone this repository on Windows
$ git clone https://github.com/TehMuffinMoo/ibPS/

# Go into the repository
$ cd ibPS/

# Install Module
. .\Install.ps1

# Non-Interactive Install Module
. .\Install.ps1 -Selection i

Updating ibPS automatically

# You can upgrade ibPS directly from the module by using the following cmdlet
Get-ibPSVersion -Update

Explicitly Import Module

# You can import the module directly by using;
Import-Module -Name ".\Modules\ibPS\BloxOne-Main.psm1" -DisableNameChecking

Explicitly Import Functions

# You can load the functions directly by using;
. .\Modules\BloxOne-Main.ps1

Authentication (API Key)

In order to authenticate against the BloxOne CSP (Cloud Services Portal), you must first set your API Key. There are a few ways to do this, depending on your use-case.

Managing a single BloxOne Account

When managing a single BloxOne Account, you can use the 'Global' configuration. You can do this for either your current powershell session or save the API Key as persistent for your current user.

Using the 'Global' method will always override any active configuration profiles. This can be useful if you want to quickly test a new API key, without having to save it as a connection profile.

Persistent

To store your API Key permanently for your user, you can specify the -Persist option as shown below.

Set-ibPSConfiguration -CSPAPIKey "<ApiKeyFromCSP>" -Persist

Single Session

Alternatively, you can simply store your API Key for the current powershell session only.

Set-ibPSConfiguration -CSPAPIKey "<ApiKeyFromCSP>"

Environment Variable

You can additionally pass the API Key via an Environment Variable. This will pass in the credentials as clear text, but can be used for non-persistent transactions such as leveraging ibPS via Ansible .

export IBPSB1APIKEY='<ApiKeyFromCSP>'

$ENV:IBPSB1APIKEY = '<ApiKeyFromCSP>'

Managing multiple BloxOne Accounts

When managing more than one account, you can use the Profiles configuration. Configuration Profiles enable you to save API keys for multiple accounts, and easily switch between them.

See Get-B1ConnectionProfile for more information

New-B1ConnectionProfile -Name 'Prod' -CSPRegion 'US' -APIKey '<ApiKeyFromCSP>'

BloxOne Cmdlets

All Cmdlets are listed in the left-hand menu. You can also use the Get-Help cmdlet to get detailed information on usage. Example;

Get-Help New-B1AddressBlock -Detailed

Common Parameters

Supported Get-* cmdlets have -Strict, -CaseSensitive, -tfilter, -Fields, -OrderBy, -OrderByTag, -Limit & -Offset parameters. Their use is described below.

Parameter Description
-Strict This is used to apply strict name checking when querying objects. The default is to perform wildcard/lazy matches based on submitted query parameters.

When using -Strict, search parameters use the := operator, ensuring only exact matches. This is a case-insensitive search by default. To do a case-sensitive search, specify the -CaseSensitive switch parameter which will instead use the == operator

When not using -Strict, search parameters use the ~ operator, this matches based on a regex string. A global regex modifier (?i) is automatically appended to search parameters. If you want to use case-sensitive regex, you can optionally specify the -CaseSensitive parameter on supported functions.
-CaseSensitive This is used to perform Case Sensitive matching. The default is to perform case-insensitive matches based on submitted query parameters.

The nature of the BloxOne API means that not all API endpoints support case-sensitive searching. This is reflected by the -CaseSensitive parameter being present or ommitted from functions based on the support for it in the API.

See -Strict for more information about the mechanism this uses.
-tfilter This is used to filter results of your query by tags.
Get-B1Record -tfilter '("myTag"=="val1" or "myOtherTag"~"partvalue")'
-Fields This is used to filter the fields returned by the API
Get-B1Record -Fields name_in_zone,absolute_zone_name,rdata 
-OrderBy This is used to order the results returned from the API. It defaults to ascending if no suffix is set, but can be set using 'asc' or 'desc' as shown below.
Get-B1Host -OrderBy 'display_name asc'
-OrderByTag This is used to order the results returned from the API based on tag. It defaults to ascending if no suffix is set, but can be set using 'asc' or 'desc' as shown below.
Get-B1Host -OrderByTag 'nios/grid_name desc'
-Limit This is used to specify the number of results to return from the API.
Get-B1ServiceLog -B1Host MyB1Host -Start (Get-Date).AddHours(-6) -Limit 1000
-Offset The -Offset parameter will offset the results returned by the amount specified. This is used in combination with -Limit to achieve pagination of API results.
Get-B1ServiceLog -B1Host MyB1Host -Start (Get-Date).AddHours(-6) -Limit 1000 -Offset 1000
-CustomFilters The -CustomFilters parameter allows you to use custom filters when interacting with the API and supports inputs as String, Object or ArrayList. See the Custom Filters section for usage information.

-CustomFilters

The -CustomFilters parameter can be used to apply custom filtering to API calls. The filters are logical expression strings that includes JSON tag references to values in each resource, literal values, and logical operators.

Literal values include numbers (integer and floating-point), and quoted (both single- or double-quoted) literal strings, and 'null’. The following operators are commonly used in filter expressions:

Operator Description
== Equal
!= Not Equal
:= Equal (Case Insensitive)
> Greater Than
>= Greater Than or Equal To
< Less Than
<= Less Than or Equal To
~ Matches Regex
!~ Does Not Match Regex
and Logical AND
or Logical OR
not Logical NOT
() Groupping Operators

It supports inputs as either String, Object or ArrayList as shown below.

String
$CustomFilters = 'name~"10.1.2.3" and state=="enabled"'
Object

When using Object type, all filters are assumed to use the Logical AND Operator.

$CustomFilters = @(
  @{
    "Property"="name"
    "Operator"="~"
    "Value"="postman"
  }
  @{
    "Property"="state"
    "Operator"="=="
    "Value"="enabled"
  }
)

ArrayList

When using ArrayList type, all filters are assumed to use the Logical AND Operator.

[System.Collections.ArrayList]$CustomFilters = @()
$CustomFilters.Add('name~"postman"') | Out-Null
$CustomFilters.Add('state=="enabled"') | Out-Null

General Cmdlets

Get-ibPSVersion -CheckForUpdates
  # Gets the ibPS Module Version.
  # Using -CheckForUpdates optionally checks if ibPS is up to date
  # Using -Update will optionally perform an in place upgrade of the ibPS module
  # Using -Force will force the update/replacement of ibPS, regardless of the current version

Pipeline Support

Pipeline input for Set- & Remove- cmdlets is being developed, to allow more flexible usage of ibPS. The table below shows the current support for this feature.

Cmdlet Pipeline Input Supported Supported Input Cmdlets
Reboot-B1Host Implemented Get-B1Host
Remove-B1DNSView Implemented Get-B1DNSView
Remove-B1Space Implemented Get-B1Space
Remove-B1AddressBlock Implemented Get-B1AddressBlock
Remove-B1AddressReservation Implemented Get-B1Address
Remove-B1AuthoritativeZone Implemented Get-B1AuthoritativeZone
Remove-B1ForwardZone Implemented Get-B1ForwardZone
Remove-B1FixedAddress Implemented Get-B1FixedAddress
Remove-B1Host Implemented Get-B1Host
Remove-B1Range Implemented Get-B1Range
Remove-B1Record Implemented Get-B1Record
Remove-B1Service Implemented Get-B1Service
Remove-B1Subnet Implemented Get-B1Subnet
Remove-B1APIKey Implemented Get-B1APIKey
Remove-B1HAGroup Implemented Get-B1HAGroup
Remove-B1DHCPConfigProfile Implemented Get-B1DHCPConfigProfile
Remove-B1DNSConfigProfile Implemented Get-B1DNSConfigProfile
Remove-B1InternalDomainList Implemented Get-B1InternalDomainList
Remove-B1CustomList Implemented Get-B1CustomList
Remove-B1Location Implemented Get-B1Location
Remove-B1DTCServer Implemented Get-B1DTCServer
Remove-B1DTCPool Implemented Get-B1DTCPool
Remove-B1DTCPolicy Implemented Get-B1DTCPolicy
Remove-B1DTCLBDN Implemented Get-B1DTCLBDN
Remove-B1DTCHealthCheck Implemented Get-B1DTCHealthCheck
Set-B1DTCServer Implemented Get-B1DTCServer
Set-B1DTCPool Implemented Get-B1DTCPool
Set-B1DTCPolicy Implemented Get-B1DTCPolicy
Set-B1DTCLBDN Implemented Get-B1DTCLBDN
Set-B1DTCHealthCheck Implemented Get-B1DTCHealthCheck
Set-B1AddressBlock Implemented Get-B1AddressBlock
Set-B1AuthoritativeZone Implemented Get-B1AuthoritativeZone
Set-B1DHCPConfigProfile Implemented Get-B1DHCPConfigProfile
Set-B1FixedAddress Implemented Get-B1FixedAddress
Set-B1ForwardNSG Implemented Get-B1ForwardNSG
Set-B1ForwardZone Implemented Get-B1ForwardZone
Set-B1Location Implemented Get-B1Location
Set-B1Host Implemented Get-B1Host
Set-B1Range Implemented Get-B1Range
Set-B1Record Implemented Get-B1Record
Set-B1Subnet Implemented Get-B1Subnet
Set-B1APIKey Implemented Get-B1APIKey
Set-B1HAGroup Implemented Get-B1HAGroup
Start-B1DiagnosticTask Implemented Get-B1Host
Start-B1Service Implemented Get-B1Service
Stop-B1Service Implemented Get-B1Service
Set-B1TideDataProfile Implemented Get-B1TideDataProfile
Set-B1InternalDomainList Implemented Get-B1InternalDomainList
Set-B1CustomList Implemented Get-B1CustomList
Remove-B1SecurityPolicy Implemented Get-B1SecurityPolicy
Remove-B1NetworkList Implemented Get-B1NetworkList
Get-B1DossierLookup Implemented Start-B1DossierLookup
Set-B1Object Implemented Get-B1Object
Get-B1ZoneChild Implemented Get-B1DNSView
Get-B1AuthoritativeZone
Get-B1ForwardZone
Get-B1IPAMChild Implemented Get-B1Space
Get-B1AddressBlock
Get-B1Subnet
Get-B1Range
Get-B1AddressBlockNextAvailable Implemented Get-B1AddressBlock
Get-B1AddressNextAvailable Implemented Get-B1Address
Get-B1Subnet
Get-B1Range
Get-B1SubnetNextAvailable Implemented Get-B1AddressBlock
Get-NetworkInfo Implemented Get-B1AddressBlock
Get-B1Subnet
Get-B1AddressBlockNextAvailable
Get-B1SubnetNextAvailable
Get-B1SecurityPolicyRules Implemented Get-B1SecurityPolicy
Get-B1SOCInsightAssets Implemented Get-B1SOCInsight
Get-B1SOCInsightComments Implemented Get-B1SOCInsight
Get-B1SOCInsightEvents Implemented Get-B1SOCInsight
Get-B1SOCInsightIndicators Implemented Get-B1SOCInsight
Set-B1SOCInsight Implemented Get-B1SOCInsight
Resolve-DoHQuery Implemented Get-B1SecurityPolicy

Development Lifecycle

All new commits will first be made to the dev branch until tested. Once these changes are merged into main branch, Github actions are used to package both the PowerShell Module and its documentation and subsequently publish to PowerShell Gallery.

Resources

This PowerShell Module makes use of the following InfoBlox APIs;

License

MIT


Mat Cox