InfoBlox BloxOne Threat Defense
  • 19 Sep 2024

Infoblox BloxOne Threat Defense is a cloud-native cybersecurity solution that provides advanced threat protection by leveraging DNS (Domain Name System) as the first line of defense. It helps organizations secure their networks, protect against cyber threats, and enhance visibility into network activities.

Integration 

To retrieve DNS events and threat feed data, DataBee connects to Infoblox BloxOne API endpoints that return the list of all DNS events and threat feeds generated on the Infoblox BloxOne platform.

Integration Method: API

Tables: DNS Activity, Detection Finding

Events: Threats, DNS, Alerts

This integration has been tested against the Infoblox API service. 

Infoblox Bloxone Configuration

Creating A Service User

A service account with the proper permissions is needed to get access to the API.

  1. Log into the Infoblox Cloud portal as an admin.
  2. Click Administration -> User Access.
  3. Select Users at the top Action bar and click Create User.
  4. In the Create Users dialog, complete the following:
    • Name: Enter the name of the user you want to add.
    • Type: Choose Interactive type.
    • Email: Enter the email address for the user.
    • From the AVAILABLE USER GROUPS table, select the Administrators role.
    • Click Save & Close to add the user.
  5. Once the user is created, select that user and click on reset password. You will receive an email to reset the user's password. Change the password of the created user.

Creating the API Key

  1. Launch the Cloud Services Portal from a browser.
  2. Authenticate with your newly obtained or existing user credentials.
    Once you get to the homepage, hover over your name at the bottom left of the screen, and select User Profile.
  3. Click on the User API Keys tab and select Create.
  4. In the pop-up, specify the Name and the Expiry Date. Ensure that the expiry date is later than the day you create this API key.
    Select Save & Close.
  5. You will see your API key at the top of the screen. Make sure to save it. The API key will not be visible again.

DataBee Configuration

Additional information about API configuration can be found at https://docs.databee.buzz/docs/api-ingest

  1. Log in to the DataBee console and add a new data source.
  2. Select Infoblox Bloxone Threat Defense.
  3. Click on the API Ingest button.
  4. Fill in the basic owner information.
  5. While configuring the data source in the DataBee UI, select Bearer Token as the Authorization Method. Provide the generated API key in the Token field.

Confirm that the API URLs are filled in with:

https://csp.infoblox.com/api/dnsdata/v2/dns_event

https://csp.infoblox.com/api/atcfw/v1/threat_feeds
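
A pre-flight check for the values entered above, as an added example that is not part of the original article or of any DataBee or Infoblox tooling: it verifies that each configured URL uses HTTPS and points at the host and paths listed on this page, so the bearer token is not sent anywhere else, and that the pasted key is intact and unexpired. The function names, sample URLs and placeholder token are assumptions constructed for illustration.

```python
from datetime import date
from urllib.parse import urlsplit

# Host and paths taken from the two API URLs listed on this page.
EXPECTED_HOST = "csp.infoblox.com"
EXPECTED_PATHS = {"/api/dnsdata/v2/dns_event", "/api/atcfw/v1/threat_feeds"}

def check_url(url):
    """Return the problems found in one configured API URL (empty list = OK)."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("not https: the bearer token would be sent in clear text")
    if "@" in parts.netloc:
        problems.append("userinfo present: the real host is whatever follows '@'")
    if parts.hostname != EXPECTED_HOST:
        problems.append(f"unexpected host {parts.hostname!r}")
    if parts.path not in EXPECTED_PATHS:
        problems.append(f"unexpected path {parts.path!r}")
    return problems

def check_key(token, expiry, today):
    """Check a pasted API key and the expiry date chosen when it was created."""
    problems = []
    if not token or any(ch.isspace() for ch in token):
        problems.append("token is empty or contains whitespace (copy/paste damage)")
    if expiry <= today:
        problems.append("expiry date is not later than today")
    return problems

def preflight(urls, token, expiry, today):
    """Map each failing item to its problems; an empty dict means ready to save."""
    report = {u: p for u in urls if (p := check_url(u))}
    if key_problems := check_key(token, expiry, today):
        report["api_key"] = key_problems
    return report

# Constructed sample values; the token is a placeholder, not a real key.
SAMPLE_URLS = [
    "https://csp.infoblox.com/api/dnsdata/v2/dns_event",
    "http://csp.infoblox.com/api/atcfw/v1/threat_feeds",  # wrong scheme
    "https://csp.infoblox.com.example.net/api/atcfw/v1/threat_feeds",  # lookalike host
]

if __name__ == "__main__":
    result = preflight(SAMPLE_URLS, "PLACEHOLDER-KEY", date(2025, 1, 1), date(2024, 9, 19))
    for item, problems in result.items():
        print(item, "->", "; ".join(problems))
```
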

