- 14 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Infoblox BloxOne Threat Defense
- Updated on 14 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
The Infoblox BloxOne Platform uses AI and algorithms to track DNS threat actors and their activity. Infoblox enables you to deliver DNS services across physical, virtual and cloud environments at scale for simplified DevOps and faster speed to market. More information can be found at Infoblox website.
Integration Method: API
Tables: DNS Activity (4003), Detection Finding (2004)
This integration supports the following events.
Event | Description |
---|---|
DNS Events | Gives a list of DNS security policy hits. |
Threat Feeds | Gives the information on all threat feed objects on the account. |
This integration supports the following versions.
Infoblox BloxOne Threat Defense API version | Threat Feeds - v1.0 |
Prerequisites
The user should have access to the Infoblox Bloxone Cloud Portal with Admin privileges for creating API keys.
The user should have access to the DataBee console.
Configuration Overview
Generate a API key for the created user on the Infoblox BloxOne cloud portal.
Add the Infoblox BloxOne threat defense feed integration in the DataBee console with the required API token.
DataBee Parameter
Infoblox Parameter
Token
API Key
Infoblox BloxOne Configuration
Start by creating an API Token for the integration.
Login to your Infoblox BloxOne cloud service portal which has admin privileges.
In the upper-right corner, hover to your name and then select Profile.
Click the User API Keys tab on the top and click Create to generate an API key.
In the pop-up specify the ‘Name’ and ‘Expires at’ date. Ensure that the expiration date is set to a later date in future as much as possible from the day you created this API key. Click on Apply and then click Save & Close button.
You will see an “API Access Key Generated” on the top of the screen. Please make sure you copy and keep it on the trusted platform.
Note:
Make sure to copy and save API Key as it will not be shown again.
DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the Infoblox BloxOne Threat Defense and click it as shown below.
Click on the API Ingest option for collection method as shown below.
In the configuration page, confirm the following:
API Base URL: this is the base URL that DataBee will interact with.
Authorization Method: Bearer Token
Token: paste the API Key generated earlier in the Infoblox console.
Event types: preselected for all the event types that integration pulls.
Click Submit.
Troubleshooting Tips
Ensure the token is pasted correctly. Since you cannot view the token after the 1st time, re-create the token, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.
Ensure the Infoblox BloxOne scopes/permissions are correct.