Infinipoint Events Sync API Integration

Overview

Infinipoint’s API supports event syncing in polling mode, so that third-party tools such as firewalls, NAC solutions, and other vendor products that subscribe to changes stay synchronized.
Vendors poll the Infinipoint API for events such as software and hardware changes, compliance status changes, asset discovery, etc.

How It Works

  1. Infinipoint supports multiple subscribers for each tenant via the SUBSCRIBER_ID parameter.
    Each subscriber receives a unique data set with no duplications.
    Currently, there is no option to send the complete data to each subscriber.

  2. Infinipoint returns a diff from the last API poll (with the same SUBSCRIBER_ID).

  3. Every 8 hours (configurable), Infinipoint sends all of the data it has for every device listed for the subscriber, as a full sync.

Configuration

  1. In the Infinipoint console, create an API key: navigate to Tenant Settings > API Keys, click the Create API Key button, and download the file.

  2. Update the following values before using the client (in config.py > general):

JWT_ACCESS_KEY : set to infp_access_key_id (from the downloaded json API file)

JWT_SECRET : set to infp_sercet_key (from the downloaded json API file)

SUBSCRIBER_ID : unique string set by the subscriber.

Schema

Expect the following schema to be returned from the API.
Note that keys which do not exist in our backend may not be returned, for example on a newly registered device which has not yet been scanned for vulnerabilities.

{
  "fields": {
    "tag": "mac",
    "label": "MAC Address",
    "description": "MAC Address - lower case letters and without a colon symbol. This is the primary key for a device",
    "type": "string",
    "list": true
  },
  "subfields": [
    {
      "properties": [
        {
          "tag": "infp_last_logged_in_user",
          "label": "Last Logged In User",
          "description": "infinipoint Last Logged In User",
          "type": "string",
          "default": "{user}"
        },
        {
          "tag": "infp_os",
          "label": "OS",
          "description": "infinipoint Operating system",
          "type": "string"
        },
        {
          "tag": "infp_os_build",
          "label": "OS Build",
          "description": "infinipoint OS Build",
          "type": "string"
        },
        {
          "tag": "infp_id",
          "label": "infinipoint Device ID",
          "description": "infinipoint Device ID - unique GUID per client",
          "type": "string"
        },
        {
          "tag": "infp_management_state",
          "label": "infinipoint Management State",
          "description": "The infinipoint Management State. Enumeration property: managed, IOT, discovered",
          "type": "string"
        },
        {
          "tag": "infp_ip",
          "label": "internal IP address of the main MAC address",
          "description": "Internal IP address",
          "type": "string"
        },
        {
          "tag": "infp_additional_interfaces",
          "label": "additional device interfaces",
          "description": "List of interfaces detected by infinipoint",
          "type": "composite",
          "list": true,
          "subfields": [
            {
              "tag": "ip",
              "label": "IP address",
              "description": "internal IP address for the interface",
              "type": "string"
            },
            {
              "tag": "mac",
              "label": "MAC address",
              "description": "MAC address for the interface",
              "type": "string"
            }
          ]
        },
        {
          "tag": "infp_hostname",
          "label": "Hostname",
          "description": "The hostname detected by infinipoint",
          "type": "string"
        },
        {
          "tag": "infp_firewall_enabled",
          "label": "Firewall Enabled",
          "description": "Firewall Enabled detected by infinipoint - returns 1 when on 0 when off",
          "type": "string"
        },
        {
          "tag": "infp_encryption_enabled",
          "label": "Encryption Enabled",
          "description": "Encryption Enabled detected by infinipoint (FileVault or BitLocker only) - returns 1 when on 0 when off",
          "type": "string"
        },
        {
          "tag": "infp_compliance",
          "label": "Compliance",
          "description": "Compliance detected by infinipoint. This value represent the final status for all compliance policies which are applied on the device",
          "type": "boolean",
          "default": "{default_compliance_state}"
        },
        {
          "tag": "infp_software",
          "label": "Software",
          "description": "software detected by infinipoint",
          "type": "composite",
          "list": true,
          "subfields": [
            {
              "tag": "name",
              "label": "Software Name",
              "description": "Software name",
              "type": "string"
            },
            {
              "tag": "version",
              "label": "Software Version",
              "description": "Software version",
              "type": "string"
            },
            {
              "tag": "publisher",
              "label": "Software Publisher",
              "description": "publisher name",
              "type": "string"
            },
            {
              "tag": "os_type",
              "label": "Software OS Type",
              "description": "Software OS Type. Enumeration property: 0 => Null, 1 => Windows, 2 => Linux, 4 => macOS, 8 => IoT",
              "type": "string"
            }
          ]
        },
        {
          "tag": "infp_vulnerabilities",
          "label": "Vulnerabilities",
          "description": "vulnerabilities detected by infinipoint.",
          "type": "composite",
          "list": true,
          "overwrite": true,
          "subfields": [
            {
              "tag": "cve_id",
              "label": "CVE ID",
              "description": "CVE ID",
              "type": "string"
            },
            {
              "tag": "score",
              "label": "Score",
              "description": "infinipoint CVE risk score",
              "type": "integer"
            }
          ]
        }
      ]
    }
  ]
}

Example Response

[
  {
    "mac": "42010a840012",
    "properties": {
      "infp_id": "ef1fcbf4-67ef-4a4f-9725-1adcc3ea0327",
      "infp_management_state": "managed",
      "infp_ip": "192.168.1.111",
      "infp_additional_interfaces": [
        { "ip": "172.17.32.1", "mac": "00:15:5D:10:86:31" },
        {...},
        {...}
      ],
      "infp_last_logged_in_user": "user_domain_com",
      "infp_os": "Ubuntu",
      "infp_os_build": "20.04.2 LTS (Focal Fossa)",
      "infp_firewall_enabled": null,
      "infp_encryption_enabled": null,
      "infp_hostname": "sample-vm",
      "infp_compliance": true,
      "infp_software": [
        { "name": "accountsservice", "version": "0.6.55-0ubuntu12~20.04.4", "publisher": "", "os_type": "2" },
        { "name": "adduser", "version": "3.118ubuntu2", "publisher": "", "os_type": "2" },
        {...},
        {...}
      ],
      "infp_vulnerabilities": [
        { "cve_id": "CVE-2020-27618", "score": 1 },
        { "cve_id": "CVE-2021-28964", "score": 10 },
        {...},
        {...}
      ]
    }
  },
  {
    "mac": "42010a840039",
    "properties": {
      "infp_id": "8d2a6163-999d-49a6-a0c9-c567b9acdc8f",
      "infp_management_state": "managed",
      "infp_last_logged_in_user": "user2",
      "infp_os": "Microsoft Windows Server 2019 Datacenter",
      "infp_os_build": "10.0.17763",
      "infp_firewall_enabled": null,
      "infp_encryption_enabled": null,
      "infp_hostname": "sample-vm-win",
      "infp_software": [
        { "name": "GooGet - googet", "version": "2.17.3@1", "publisher": "", "os_type": "1" },
        { "name": "GooGet - google-compute-engine-driver-balloon", "version": "16.1.3@18", "publisher": "", "os_type": "1" },
        {...},
        {...}
      ]
    }
  }
]
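
A firewall or NAC integration that consumes this response should validate it before acting on it. The following is an added example, not part of Infinipoint's client: it checks the MAC primary key against the format stated in the schema and keeps missing or null values as "unknown" rather than treating them as compliant or enabled. The function names and the SAMPLE data are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"[0-9a-f]{12}")  # schema: lower case letters, no colons
OS_TYPES = {"1": "Windows", "2": "Linux", "4": "macOS", "8": "IoT"}  # schema enum

def tri_state(value):
    """The schema returns "1"/"0"; null or a missing key stays None (unknown)."""
    return {"1": True, "0": False}.get(str(value)) if value is not None else None

def normalize_device(record):
    """Validate one device record and flatten the fields a policy engine reads."""
    mac = record.get("mac")
    if not isinstance(mac, str) or not MAC_RE.fullmatch(mac):
        raise ValueError(f"malformed primary key: {mac!r}")
    props = record.get("properties") or {}
    scores = [v["score"] for v in props.get("infp_vulnerabilities") or []
              if isinstance(v, dict) and isinstance(v.get("score"), int)]
    compliance = props.get("infp_compliance")
    return {
        "mac": mac,
        "hostname": props.get("infp_hostname"),
        # A key missing from the response means "not reported", not "compliant".
        "compliant": compliance if isinstance(compliance, bool) else None,
        "firewall": tri_state(props.get("infp_firewall_enabled")),
        "encryption": tri_state(props.get("infp_encryption_enabled")),
        "os_families": sorted({OS_TYPES.get(str(s.get("os_type")), "unknown")
                               for s in props.get("infp_software") or []
                               if isinstance(s, dict)}),
        "max_cve_score": max(scores, default=None),
    }

def parse_poll(payload):
    """Return (devices, rejected); bad records are reported, not silently dropped."""
    devices, rejected = [], []
    for record in payload if isinstance(payload, list) else []:
        try:
            devices.append(normalize_device(record))
        except (ValueError, AttributeError) as exc:
            rejected.append(str(exc))
    return devices, rejected

# Constructed sample modelled on the example response, with the elisions removed.
SAMPLE = [
    {"mac": "42010a840012", "properties": {
        "infp_hostname": "sample-vm", "infp_compliance": True,
        "infp_firewall_enabled": None, "infp_software": [{"os_type": "2"}],
        "infp_vulnerabilities": [{"cve_id": "CVE-2020-27618", "score": 1},
                                 {"cve_id": "CVE-2021-28964", "score": 10}]}},
    {"mac": "42010a840039", "properties": {"infp_firewall_enabled": "1",
        "infp_encryption_enabled": "0", "infp_software": [{"os_type": "1"}]}},
    {"mac": "00:15:5D:10:86:31", "properties": {}},  # wrong key format: rejected
]
```

Calling parse_poll(SAMPLE) returns two normalized devices and one rejection message for the colon-separated MAC; the second device has compliant and max_cve_score set to None because those keys were absent.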