[infoblox_bloxone_ddi] Initial Release for the Infoblox BloxOne DDI

.github/CODEOWNERS

@@ -84,6 +84,7 @@
 /packages/iis @elastic/obs-service-integrations
 /packages/imperva @elastic/security-external-integrations
 /packages/infoblox @elastic/security-external-integrations
+/packages/infoblox_bloxone_ddi @elastic/security-external-integrations
 /packages/infoblox_nios @elastic/security-external-integrations
 /packages/iptables @elastic/security-external-integrations
 /packages/jamf_compliance_reporter @elastic/security-external-integrations

packages/infoblox_bloxone_ddi/_dev/build/build.yml

@@ -0,0 +1,3 @@
+dependencies:
+  ecs:
+    reference: git@v8.4.0

packages/infoblox_bloxone_ddi/_dev/build/docs/README.md

@@ -0,0 +1,76 @@
+# Infoblox BloxOne DDI
+
+## Overview
+
+The [Infoblox BloxOne DDI](https://www.infoblox.com/products/bloxone-ddi/) integration allows you to monitor DNS, DHCP and IP address management activity. DDI is the foundation of core network services that enables all communications over an IP-based network.
+
+Use the Infoblox BloxOne DDI integration to collects and parses data from the REST APIs and then visualize that data in Kibana.
+
+## Data streams
+
+The Infoblox BloxOne DDI integration collects logs for three types of events: DHCP lease, DNS data and DNS config.
+
+**DHCP Lease** is a Infoblox BloxOne DDI service that stores information about leases. See more details about its API [here](https://csp.infoblox.com/apidoc?url=https%3A%2F%2Fcsp.infoblox.com%2Fapidoc%2Fdocs%2FDhcpLeases).
+
+**DNS Config** is a Infoblox BloxOne DDI service that provides cloud-based DNS configuration with on-prem host serving DNS protocol. See more details about its API [here](https://csp.infoblox.com/apidoc?url=https%3A%2F%2Fcsp.infoblox.com%2Fapidoc%2Fdocs%2FDnsConfig).
+
+**DNS Data** is a Infoblox BloxOne DDI service providing primary authoritative zone support. DNS Data is authoritative for all DNS resource records and is acting as a primary DNS server. See more details about its API [here](https://csp.infoblox.com/apidoc?url=https%3A%2F%2Fcsp.infoblox.com%2Fapidoc%2Fdocs%2FDnsData).
+
+## Requirements
+
+You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it. You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your own hardware.
+
+This module has been tested against `Infoblox BloxOne DDI API (v1)`.
+
+## Setup
+
+### To collect data from Infoblox BloxOne DDI APIs, the user must have API Key. To create an API key follow the below steps:
+
+1. Log on to the Cloud Services Portal.
+2. Go to **<User_Name> -> User Profile**.
+3. Go to **User API Keys** page.
+4. Click **Create** to create a new API key. Specify the following:
+    - **Name**: Specify the name of the key.
+    - **Expires at**: Specify the expiry.
+5. Click **Save & Close**. The API Access Key Generated dialog is shown.
+6. Click **Copy**.
+
+### Enabling the integration in Elastic
+
+1. In Kibana go to **Management > Integrations**.
+2. In the "Search for integrations" search bar, type **Infoblox BloxOne DDI**.
+3. Click on **Infoblox BloxOne DDI** integration from the search results.
+4. Click on **Add Infoblox BloxOne DDI** button to add Infoblox BloxOne DDI integration.
+5. Enable the Integration to collect logs via API.
+
+## Logs Reference
+
+### dhcp_lease
+
+This is the `dhcp_lease` dataset.
+
+#### Example
+
+{{event "dhcp_lease"}}
+
+{{fields "dhcp_lease"}}
+
+### dns_config
+
+This is the `dns_config` dataset.
+
+#### Example
+
+{{event "dns_config"}}
+
+{{fields "dns_config"}}
+
+### dns_data
+
+This is the `dns_data` dataset.
+
+#### Example
+
+{{event "dns_data"}}
+
+{{fields "dns_data"}}

packages/infoblox_bloxone_ddi/_dev/deploy/docker/docker-compose.yml

@@ -0,0 +1,15 @@
+version: '2.3'
+services:
+  infoblox-bloxone-ddi:
+    image: docker.elastic.co/observability/stream:v0.8.0
+    hostname: infoblox-bloxone-ddi
+    ports:
+      - 8080
+    volumes:
+      - ./files:/files:ro
+    environment:
+      PORT: '8080'
+    command:
+      - http-server
+      - --addr=:8080
+      - --config=/files/config.yml

packages/infoblox_bloxone_ddi/_dev/deploy/docker/files/config.yml

@@ -0,0 +1,19 @@
+rules:
+  - path: /api/ddi/v1/dhcp/lease
+    methods: ['GET']
+    responses:
+      - status_code: 200
+        body: |
+          {"results":[{"address":"81.2.69.192","client_id":"abc3212abc","ends":"2022-07-11T11:51:15.417Z","fingerprint":"ab3213cbabab/abc23bca","fingerprint_processed":"12abca32bca32abcd","ha_group":"abc321cdcbda321","hardware":"00:00:5E:00:53:00","host":"admin","hostname":"Host1","iaid":0,"last_updated":"2022-07-11T11:51:15.417Z","options":{"message":"Hello"},"preferred_lifetime":"2022-07-11T11:51:15.417Z","protocol":"ip4","space":"DHCP lease Space","starts":"2022-07-14T11:51:15.417Z","state":"used","type":"DHCP lease Type"}]}
+  - path: /api/ddi/v1/dns/view
+    methods: ['GET']
+    responses:
+      - status_code: 200
+        body: |
+          {"results":[{"add_edns_option_in_outgoing_query":true,"comment":"DNS Config Comment","created_at":"2022-07-15T06:55:25.978Z","custom_root_ns":[{"address":"81.2.69.192","fqdn":"custom fqdn","protocol_fqdn":"custom protocol fqdn"}],"custom_root_ns_enabled":true,"disabled":true,"dnssec_enable_validation":true,"dnssec_enabled":true,"dnssec_root_keys":[{"algorithm":30,"protocol_zone":"Dnssec root protocol zone","public_key":"Dnssec root Public Key","sep":true,"zone":"Dnssec root Zone"}],"dnssec_trust_anchors":[{"algorithm":10,"protocol_zone":"Dnssec trust protocol zone","public_key":"Dnssec trust Public Key","sep":true,"zone":"Dnssec trust zone"}],"dnssec_validate_expiry":true,"ecs_enabled":true,"ecs_forwarding":true,"ecs_prefix_v4":22,"ecs_prefix_v6":33,"ecs_zones":[{"access":"ecs zones access","fqdn":"ecs zones fqdn","protocol_fqdn":"ecs zones protocol fqdn"}],"edns_udp_size":568,"forwarders":[{"address":"81.2.69.192","fqdn":"forwarders fqdn","protocol_fqdn":"forwarders protocol fqdn"}],"forwarders_only":true,"gss_tsig_enabled":true,"id":"adv12rgfh","inheritance_sources":{"add_edns_option_in_outgoing_query":{"action":"inherit","display_name":"displaynameadd_edns_option_in_outgoing_query","source":"sourceadd_edns_option_in_outgoing_query","value":true},"custom_root_ns_block":{"action":"override","display_name":"displaynamecustom_root_ns_block","source":"sourcecustom_root_ns_block","value":{"custom_root_ns":[{"address":"67.43.156.0","fqdn":"fqdn_custom_root_ns","protocol_fqdn":"protocolfqdn_custom_root_ns"}],"custom_root_ns_enabled":true}},"dnssec_validation_block":{"action":"inherit","display_name":"displaynamednssec_validation_block","source":"sourcednssec_validation_block","value":{"dnssec_enable_validation":true,"dnssec_enabled":true,"dnssec_trust_anchors":[{"algorithm":8,"protocol_zone":"protocolzonednssec_trust_anchors","public_key":"publickeydnssec_trust_anchors","sep":false,"zone":"is3zone"}],"dnssec_validate_expiry":true}},"ecs_zones":{"action":"override","display_name":"displaynameecs_zones","source":"sourceecs_zones","value":{"ecs_enabled":false,"ecs_forwarding":true,"ecs_prefix_v4":4,"ecs_prefix_v6":12,"ecs_zones":[{"access":"access_ecs_zones","fqdn":"fqdn_ecs_zones","protocol_fqdn":"protocolfqdn_ecs_zones"}]}},"ecs_block":{"action":"inherit","display_name":"displaynameecs_block","source":"sourceecs_block","value":{"ecs_enabled":false,"ecs_forwarding":true,"ecs_prefix_v4":4,"ecs_prefix_v6":10,"ecs_zones":[{"access":"inherit","fqdn":"fqdnecs_block","protocol_fqdn":"protocol_fqdnecs_block"}]}},"edns_udp_size":{"action":"inherit","display_name":"displaynameedns_udp_size","source":"sourceedns_udp_size","value":55},"forwarders_block":{"action":"inherit","display_name":"displaynameforwarders_block","source":"sourceforwarders_block","value":{"forwarders":[{"address":"89.160.20.128","fqdn":"forwarders_fqdn","protocol_fqdn":"forwarders_protocolfqdn"}],"forwarders_only":true}},"gss_tsig_enabled":{"action":"inherit","display_name":"displaynamegss_tsig_enabled","source":"sourcegss_tsig_enabled","value":true},"lame_ttl":{"action":"inherit","display_name":"displaynamelame_ttl","source":"sourcelame_ttl","value":45},"match_recursive_only":{"action":"inherit","display_name":"displaynamematch_recursive_only","source":"sourcematch_recursive_only","value":false},"max_cache_ttl":{"action":"inherit","display_name":"displaynamemax_cache_ttl","source":"sourcemax_cache_ttl","value":13},"max_negative_ttl":{"action":"inherit","display_name":"displaynamemax_negative_ttl","source":"sourcemax_negative_ttl","value":12},"max_udp_size":{"action":"inherit","display_name":"displaynamemax_udp_size","source":"sourcemax_udp_size","value":11},"minimal_responses":{"action":"inherit","display_name":"displaynameminimal_responses","source":"sourceminimal_responses","value":true},"notify":{"action":"inherit","display_name":"displayname_notify","source":"source_notify","value":true},"query_acl":{"action":"override","display_name":"displaynamequery_acl","source":"sourcequery_acl","value":[{"access":"allow","acl":"aclvalue_query_acl","address":"89.160.20.128","element":"elementvaluequery_acl","tsig_key":{"algorithm":"hmac_sha256","comment":"commentquery_acl","key":"keyquery_acl","name":"namequery_acl","protocol_name":"protocolname_query_acl","secret":"secretquery_acl"}}]},"recursion_acl":{"action":"override","display_name":"displaynamerecursion_acl","source":"sourcerecursion_acl","value":[{"access":"deny","acl":"aclrecursion_acl","address":"89.160.20.128","element":"elementrecursion_acl","tsig_key":{"algorithm":"hmac_sha384","comment":"commentrecursion_acl","key":"keyrecursion_acl","name":"namerecursion_acl","protocol_name":"protocolnamerecursion_acl","secret":"secretrecursion_acl"}}]},"recursion_enabled":{"action":"inherit","display_name":"displaynamerecursion_enabled","source":"sourcerecursion_enabled","value":true},"synthesize_address_records_from_https":{"action":"inherit","display_name":"displaynamesynthesize_address_records_from_https","source":"sourcesynthesize_address_records_from_https","value":true},"transfer_acl":{"action":"inherit","display_name":"displaynametransfer_acl","source":"sourcetransfer_acl","value":[{"access":"allow","acl":"acltransfer_acl","address":"216.160.83.56","element":"elementtransfer_acl","tsig_key":{"algorithm":"hmac_sha224","comment":"commenttransfer_acl","key":"keytransfer_acl","name":"nametransfer_acl","protocol_name":"protocolnametransfer_acl","secret":"secrettransfer_acl"}}]},"update_acl":{"action":"override","display_name":"displaynameupdate_acl","source":"sourceupdate_acl","value":[{"access":"allow","acl":"aclupdate_acl","address":"216.160.83.56","element":"elementupdate_acl","tsig_key":{"algorithm":"hmac_sha384","comment":"commentupdate_acl","key":"keyupdate_acl","name":"nameupdate_acl","protocol_name":"protocolnameupdate_acl","secret":"secretupdate_acl"}}]},"use_forwarders_for_subzones":{"action":"override","display_name":"displaynameuse_forwarders_for_subzones","source":"sourceuse_forwarders_for_subzones","value":false},"zone_authority":{"default_ttl":{"action":"override","display_name":"displaynamezone_authority","source":"sourcezone_authority","value":50},"expire":{"action":"inherit","display_name":"displaynameexpire","source":"sourceexpire","value":70},"mname_block":{"action":"inherit","display_name":"displaynamemname_block","source":"sourcemname_block","value":{"mname":"mnamevaluemname_block","protocol_mname":"protocolmnamemname_block","use_default_mname":true}},"negative_ttl":{"action":"inherit","display_name":"displaynamenegative_ttl","source":"sourcenegative_ttl","value":90},"protocol_rname":{"action":"inherit","display_name":"displaynameprotocol_rname","source":"sourceprotocol_rname","value":"valueprotocol_rname"},"refresh":{"action":"inherit","display_name":"displayname_refresh","source":"source_refresh","value":40},"retry":{"action":"inherit","display_name":"displayname_retry","source":"source_retry","value":570},"rname":{"action":"inherit","display_name":"displayname_rname","source":"source_rname","value":"value_rname"}}},"ip_spaces":["testipspaces"],"lame_ttl":350,"match_clients_acl":[{"access":"deny","acl":"aclmatch_clients_acl","address":"81.2.69.192","element":"elementmatch_clients_acl","tsig_key":{"algorithm":"hmac_sha512","comment":"commentmatch_clients_acl","key":"keymatch_clients_acl","name":"namematch_clients_acl","protocol_name":"protocolnamematch_clients_acl","secret":"secretmatch_clients_acl"}}],"match_destinations_acl":[{"access":"allow","acl":"aclmatch_destinations_acl","address":"81.2.69.192","element":"elementmatch_destinations_acl","tsig_key":{"algorithm":"hmac_sha384","comment":"commentmatch_destinations_acl","key":"keymatch_destinations_acl","name":"namematch_destinations_acl","protocol_name":"protocolnamematch_destinations_acl","secret":"secretmatch_destinations_acl"}}],"match_recursive_only":true,"max_cache_ttl":90,"max_negative_ttl":500,"max_udp_size":890,"minimal_responses":true,"name":"string","notify":true,"query_acl":[{"access":"accessquery_acl","acl":"aclquery_acl","address":"81.2.69.192","element":"elementquery_acl","tsig_key":{"algorithm":"hmac_sha224","comment":"commentquery_acl","key":"keyquery_acl","name":"namequery_acl","protocol_name":"protocolnamequery_acl","secret":"secretquery_acl"}}],"recursion_acl":[{"access":"allow","acl":"aclrecursion_acl","address":"81.2.69.192","element":"elementrecursion_acl","tsig_key":{"algorithm":"hmac_sha1","comment":"commentrecursion_acl","key":"keyrecursion_acl","name":"namerecursion_acl","protocol_name":"protocolnamerecursion_acl","secret":"secretrecursion_acl"}}],"recursion_enabled":true,"synthesize_address_records_from_https":false,"tags":{"message":"Hello"},"transfer_acl":[{"access":"allow","acl":"acltransfer_acl","address":"216.160.83.56","element":"elementtransfer_acl","tsig_key":{"algorithm":"hmac_sha224","comment":"commenttransfer_acl","key":"keytransfer_acl","name":"nametransfer_acl","protocol_name":"protocolnametransfer_acl","secret":"secrettransfer_acl"}}],"update_acl":[{"access":"allow","acl":"aclupdate_acl","address":"216.160.83.56","element":"elementupdate_acl","tsig_key":{"algorithm":"hmac_sha1","comment":"commentupdate_acl","key":"keyupdate_acl","name":"nameupdate_acl","protocol_name":"protocolnameupdate_acl","secret":"secretupdate_acl"}}],"updated_at":"2022-07-15T06:55:25.978Z","use_forwarders_for_subzones":true,"zone_authority":{"default_ttl":20,"expire":10,"mname":"mnamezone_authority","negative_ttl":30,"protocol_mname":"protocolmnamezone_authority","protocol_rname":"protocolrnamezone_authority","refresh":50,"retry":100,"rname":"string","use_default_mname":true}}]}
+  - path: /api/ddi/v1/dns/record
+    methods: ['GET']
+    responses:
+      - status_code: 200
+        body: |
+          {"results":[{"absolute_name_spec":"DNS Data Absolute Name","absolute_zone_name":"DNS Data Absolute Zone Name","comment":"DNS Data Comment","created_at":"2022-07-20T09:59:59.184Z","delegation":"DNS Data Delegation","disabled":true,"dns_absolute_name_spec":"DNS Absolute Name","dns_absolute_zone_name":"DNS Absolute Zone Name","dns_name_in_zone":"DNS Name in Zone","dns_rdata":"DNS RData","id":"ghr123ghf","inheritance_sources":{"ttl":{"action":"DNS Data Action","display_name":"DNS Display Name","source":"DNS Data Source","value":10}},"name_in_zone":"DNS Data Name in zone","options":{"create_ptr":false,"check_rmz":true,"address":"67.43.156.0"},"rdata":{"address":"81.2.69.192","flags":"DNS Data Flags","tag":"issue","value":"DNS Data Value","cname":"DNS Data Canonical Name","target":"DNS Data Target","dhcid":"122zbczba12","exchange":"DNS Data Exchange","preference":12345363467,"order":123124,"regexp":"none","replacement":"DNS Data Replacement","services":"DNS Data Test Services","dname":"DNS Data dname","expire":23131,"mname":"DNS Data mname","negative_ttl":213342,"refresh":10800,"retry":3600,"rname":"DNS Data rname","serial":12314114,"port":80,"priority":44,"weight":0,"text":"DNS Data text field","type":"32BIT","length_kind":8},"source":["STATIC"],"tags":{"message":"Hello"},"ttl":0,"type":"DNS Data Type","updated_at":"2022-07-20T09:59:59.184Z","view":"DNS Data View","view_name":"DNS Data View Name","zone":"DNS Data Zone"}]}

packages/infoblox_bloxone_ddi/changelog.yml

@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: '0.1.0'
+  changes:
+    - description: Initial Release.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/4118

packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/_dev/test/pipeline/test-common-config.yml

@@ -0,0 +1,4 @@
+fields:
+  tags:
+    - preserve_original_event
+    - preserve_duplicate_custom_fields

packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/_dev/test/pipeline/test-pipeline-dhcp-lease.log

@@ -0,0 +1,2 @@
+{"address":"81.2.69.192","client_id":"string","ends":"2022-07-14T11:51:15.417Z","fingerprint":"string","fingerprint_processed":"string","ha_group":"string","hardware":"string","host":"string","hostname":"string","iaid":0,"last_updated":"2022-07-14T11:51:15.417Z","options":{"message":"Hello"},"preferred_lifetime":"2022-07-14T11:51:15.417Z","protocol":"ip6","space":"string","starts":"2022-07-14T11:51:15.417Z","state":"string","type":"string"}
+{"address":"81.2.69.192","client_id":"abc3212caabc","ends":"2022-07-14T11:51:15.417Z","fingerprint":"ab3213cbabab/abc23bca","fingerprint_processed":"12abca32bca32abcd","ha_group":"abc321cdcbda321","hardware":"00:00:5E:00:53:00","host":"admin","hostname":"example.com","iaid":0,"last_updated":"2022-07-14T11:51:15.417Z","options":{"message":"Hello"},"preferred_lifetime":"2022-07-14T11:51:15.417Z","protocol":"ip4","space":"string","starts":"2022-07-14T11:51:15.417Z","state":"used","type":"DHCPv4: DHCPv4 lease"}