Hello,
I have created a fairly automated way of exporting all the IPAM network information from our Infoblox instance into a JSON export file which is then used to create an Excel spreadsheet with all the information needed to create a CSV in the exact format needed for import into QRadar.
I was hoping to take the process one step further and automate the upload to QRadar via the API.
I can pull Network hierarchy information via the API and I can manually update small amounts of Network Hierarchy via the API GUI and via the command line.
This command line will update the Network Hierarchy via the API:
curl -s -X PUT -u admin -H 'Content-Type: application/json' -H 'Version: 12.0' -H 'Accept: application/json' --data-binary '[ { "name": "1J_Vmotion-L2ONLY", "description": "", "cidr": "10.0.0.0/24", "id": 1, "domain_id": 0, "group": "1J.Vmotion-L2ONLY.VLAN-777.City.St" }, { "name": "1P_DataCenter-Legacy", "description": "", "cidr": "10.1.0.0/21", "id": 2, "domain_id": 0, "group": "1P.DataCenter-Legacy.VLAN-Undefined.Undefined.Undefined" }, { "name": "X2_LANLegacy", "description": "", "cidr": "10.10.0.0/16", "id": 3, "domain_id": 0, "group": "X2.LANLegacy.VLAN-10.City.St" }, { "name": "X2_LANLegacy-NOTROUTED", "description": "", "cidr": "10.2.0.0/24", "id": 4, "domain_id": 0, "group": "X2.LANLegacy-NOTROUTED.VLAN-20.City.St" }, { "name": "DR_Undefined", "description": "", "cidr": "10.30.0.0/24", "id": 5, "domain_id": 0, "group": "DR.Undefined.VLAN-Undefined.Undefined.Undefined" }, { "name": "DR_Network-Management", "description": "", "cidr": "10.30.1.0/24", "id": 6, "domain_id": 0, "group": "DR.Network-Management.VLAN-1.Undefined.Undefined" }, { "name": "DR_Unix-Linux-DATA", "description": "", "cidr": "10.30.10.0/24", "id": 7, "domain_id": 0, "group": "DR.Unix-Linux-DATA.VLAN-10.Undefined.Undefined" }, { "name": "DR_Unix-Linux-MANAGEMENT", "description": "", "cidr": "10.30.11.0/24", "id": 8, "domain_id": 0, "group": "DR.Unix-Linux-MANAGEMENT.VLAN-11.Undefined.Undefined" }, { "name": "DR_FortigateUserVPNIPPool", "description": "", "cidr": "10.30.112.0/20", "id": 9, "domain_id": 0, "group": "DR.FortigateUserVPNIPPool.VLAN-Undefined.SpringGarden.Undefined" }, { "name": "DR_Windows", "description": "", "cidr": "10.30.12.0/24", "id": 10, "domain_id": 0, "group": "DR.Windows.VLAN-16.Undefined.Undefined" }, { "name": "DR_Windows-Exchange", "description": "", "cidr": "10.30.13.0/24", "id": 11, "domain_id": 0, "group": "DR.Windows-Exchange.VLAN-17.Undefined.Undefined" }, { "name": "DR_Windows-MANAGEMENT", "description": "", "cidr": "10.30.14.0/24", "id": 12, "domain_id": 0, 
"group": "DR.Windows-MANAGEMENT.VLAN-18.Undefined.Undefined" }, { "name": "DR_Windows-RESERVED", "description": "", "cidr": "10.30.15.0/24", "id": 13, "domain_id": 0, "group": "DR.Windows-RESERVED.VLAN-Undefined.Undefined.Undefined" }, { "name": "DR_CES-LAN", "description": "", "cidr": "10.30.16.0/24", "id": 14, "domain_id": 0, "group": "DR.CES-LAN.VLAN-24.Undefined.Undefined" }, { "name": "DR_CES-RESERVED", "description": "", "cidr": "10.30.17.0/24", "id": 15, "domain_id": 0, "group": "DR.CES-RESERVED.VLAN-Undefined.Undefined.Undefined" }, { "name": "DR_Environmental", "description": "", "cidr": "10.30.18.0/24", "id": 16, "domain_id": 0, "group": "DR.Environmental.VLAN-78.Undefined.Undefined" }, { "name": "DR_Network-VPN", "description": "", "cidr": "10.30.2.0/24", "id": 17, "domain_id": 0, "group": "DR.Network-VPN.VLAN-2.Undefined.Undefined" }, { "name": "DR_Storage-DATA", "description": "", "cidr": "10.30.20.0/24", "id": 18, "domain_id": 0, "group": "DR.Storage-DATA.VLAN-32.Undefined.Undefined" }, { "name": "DR_Storage-MANAGEMENT", "description": "", "cidr": "10.30.21.0/24", "id": 19, "domain_id": 0, "group": "DR.Storage-MANAGEMENT.VLAN-33.Undefined.Undefined" } ]' 'https://192.168.0.94/api/config/network_hierarchy/staged_networks'
That's just a few networks and that command line is already quite long!
I have over 4000 networks defined and that number is growing all the time.
My import file with all the networks is named InfoBloxNetworkExport-2021-02-09_api_import_ready.json
Based on my research, I should be able to use a curl command like this to put all that data into QRadar via the API:
curl -s -X PUT -u admin -H 'Content-Type: application/json' -H 'Version: 12.0' -H 'Accept: application/json' --data-binary -d @./InfoBloxNetworkExport-2021-02-09_api_import_ready.json 'https://192.168.0.94/api/config/network_hierarchy/staged_networks'
I have tried numerous iterations of this basic command and none of them update the Network Hierarchy via the API. There is no error message, yet no update.
Has anyone successfully updated a large number of networks via the QRadar API? If so, how?
Thanks very much,
Robert
------------------------------
Robert Strom
------------------------------
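
Added example, not part of the original post: a pre-flight check for a large import file that parses it with a strict JSON parser, validates each entry's fields and CIDR, and then builds the PUT from the post with the file passed as a single `--data-binary @path` argument and `-sS -w` so errors and the HTTP status are printed. The function names are hypothetical, and treating a repeated `id` or `cidr` as a problem is an assumption about the export, not a documented QRadar rule.

```python
import ipaddress
import json

# Endpoint, headers and field names are taken from the post; the rest is illustrative.
URL = "https://192.168.0.94/api/config/network_hierarchy/staged_networks"
REQUIRED = ("name", "cidr", "id", "domain_id", "group")

def validate_networks(text):
    """Return a list of problems found in a staged_networks JSON payload."""
    try:
        nets = json.loads(text)  # strict parser: a trailing comma is an error
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(nets, list):
        return ["top-level value must be an array of network objects"]
    problems, seen = [], {"id": set(), "cidr": set()}
    for i, net in enumerate(nets):
        missing = [k for k in REQUIRED if not isinstance(net, dict) or k not in net]
        if missing:
            problems.append(f"entry {i}: missing {', '.join(missing)}")
            continue
        try:
            ipaddress.ip_network(str(net["cidr"]), strict=True)  # host bits must be 0
        except ValueError as exc:
            problems.append(f"entry {i} ({net['name']}): bad cidr: {exc}")
        # Assumption: a repeated id or cidr is an export mistake worth reviewing.
        for field in ("id", "cidr"):
            if str(net[field]) in seen[field]:
                problems.append(f"entry {i} ({net['name']}): duplicate {field} {net[field]}")
            seen[field].add(str(net[field]))
    return problems

def curl_argv(path, url=URL):
    """Build the PUT from the post with the file as one --data-binary @path argument."""
    return ["curl", "-sS", "-X", "PUT", "-u", "admin",
            "-H", "Content-Type: application/json", "-H", "Version: 12.0",
            "-H", "Accept: application/json",
            "-w", "\nHTTP %{http_code}\n",  # print the status code even with -s
            "--data-binary", "@" + path, url]

# Constructed sample: two entries from the post, then one broken variant of each kind.
GOOD = '''[ { "name": "1J_Vmotion-L2ONLY", "description": "", "cidr": "10.0.0.0/24",
  "id": 1, "domain_id": 0, "group": "1J.Vmotion-L2ONLY.VLAN-777.City.St" },
 { "name": "X2_LANLegacy", "description": "", "cidr": "10.10.0.0/16",
  "id": 3, "domain_id": 0, "group": "X2.LANLegacy.VLAN-10.City.St" } ]'''
TRAILING_COMMA = GOOD.replace("} ]", "}, ]")
HOST_BITS = GOOD.replace("10.10.0.0/16", "10.10.0.5/16")

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("comma", TRAILING_COMMA), ("cidr", HOST_BITS)):
        print(label, validate_networks(text) or "ok")
    print(" ".join(curl_argv("./InfoBloxNetworkExport-2021-02-09_api_import_ready.json")))
```

Passing the returned list to `subprocess.run` avoids shell quoting issues with the header values; curl still prompts for the `admin` password as in the post.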