Infoblox BloxOne Threat Defense

The Infoblox BloxOne Platform uses AI and algorithms to track DNS threat actors and their activity. Infoblox enables you to deliver DNS services across physical, virtual and cloud environments at scale for simplified DevOps and faster speed to market.  More information can be found at Infoblox website.

Integration Method: API

Tables: DNS Activity (4003), Detection Finding (2004)

This integration supports the following events.

This integration supports the following versions.

Prerequisites

• The user should have access to the Infoblox Bloxone Cloud Portal with Admin privileges for creating API keys.

• The user should have access to the DataBee console.

Configuration Overview

1. Generate a API key for the created user on the Infoblox BloxOne cloud portal.

2. Add the Infoblox BloxOne threat defense feed integration in the DataBee console with the required API token.

   DataBee Parameter	Infoblox Parameter
   Token	API Key

Infoblox BloxOne Configuration

Start by creating an API Token for the integration.

1. Login to your Infoblox BloxOne cloud service portal which has admin privileges.

   

2. In the upper-right corner, hover to your name and then select Profile.
    

3. Click the User API Keys tab on the top and click Create to generate an API key.
    

4. In the pop-up specify the ‘Name’ and ‘Expires at’ date. Ensure that the expiration date is set to a later date in future as much as possible from the day you created this API key. Click on Apply and then click Save & Close button.
    

5. You will see an “API Access Key Generated” on the top of the screen. Please make sure you copy and keep it on the trusted platform.
    

   Note:

   Make sure to copy and save API Key as it will not be shown again.

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.

    

2. Search for the Infoblox BloxOne Threat Defense and click it as shown below.
    

3. Click on the API Ingest option for collection method as shown below.
    

4. Enter feed contact information and click Next.
    
   

5. In the configuration page, confirm the following:

• API Base URL: this is the base URL that DataBee will interact with.

• Authorization Method: Bearer Token

• Token: paste the API Key generated earlier in the Infoblox console.

• Event types: preselected for all the event types that integration pulls.

6. Click Submit.

Troubleshooting Tips

• Ensure the token is pasted correctly. Since you cannot view the token after the 1^st time, re-create the token, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.

• Ensure the Infoblox BloxOne scopes/permissions are correct.