Infoblox BloxOne Threat Defense
Infoblox BloxOne Threat Defense is a cloud-native cybersecurity solution that provides advanced threat protection by leveraging DNS (Domain Name System) as the first line of defense. It helps organizations secure their networks, protect against cyber threats, and enhance visibility into network activities.
Integration
To ingest DNS events and threat feed data from Infoblox, DataBee connects to an Infoblox BloxOne API endpoint that retrieves a list of all DNS events and threat feeds generated on the Infoblox BloxOne platform.
Integration Method: API
Tables: DNS Activity, Detection Finding
Events: Threats, DNS, Alerts
This integration has been tested against the Infoblox API service.
Infoblox BloxOne Configuration
Creating A Service User
A service account with the proper permissions is needed to get access to the API.
- Log into the Infoblox Cloud portal as an admin.
- Click Administration -> User Access.
- Select Users at the top Action bar and click Create User.
- In the Create Users dialog, complete the following:
  - Name: Enter the name of the user you want to add.
  - Type: Choose Interactive type.
  - Email: Enter the email address for the user.
- From the AVAILABLE USER GROUPS table, select the Administrators role.
- Click Save & Close to add the user.
- Once the user is created, select that user and click reset password. You will receive an email to reset the user's password. Change the password of the created user.
Creating the API Key
- Launch the Cloud Services Portal from a browser.
- Authenticate with your newly obtained/existing user credentials.
- Once you get to the homepage, hover over your name at the bottom left of the screen and select User Profile.
- Click on the User API Keys tab and select Create.
- In the pop-up, specify the Name and the Expiry Date. Ensure that the expiry date is later than the day you create this API key.
- Select Save & Close.
- You will see your API key on top of the screen. Make sure to save it. The API key will not be visible again.
DataBee Configuration
Additional information about API configuration can be found at https://docs.databee.buzz/docs/api-ingest
- Login to the DataBee console and add a new data source.
- Select Infoblox Bloxone Threat Defense.
- Click on the API Ingest button.
- Fill in the basic owner information.
- When configuring the data source in the DataBee UI, select Bearer Token as the Authorization Method and provide the generated API key in the Token field.
- Confirm that the API URLs are filled in with:
  - https://csp.infoblox.com/api/dnsdata/v2/dns_event
  - https://csp.infoblox.com/api/atcfw/v1/threat_feeds