Infoblox Data Connector via REST API

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Connectors Index

Attribute Value
Connector ID InfobloxDataConnector
Publisher Infoblox
Used in Solutions Infoblox
Collection Method Azure Function (TI Upload API)
Connector Definition Files Infoblox_API_FunctionApp.json
Ingestion API STIX 2.0 Upload Indicators APIConnector code references STIX 2.0 Upload Indicators API endpoint (matched 'sentinelus.azure-api.net')
Microsoft Learn View on Learn

The Infoblox Data Connector allows you to easily connect your Infoblox TIDE data and Dossier data with Microsoft Sentinel. By connecting your data to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.

Tables Ingested

This connector ingests data into the following tables:

Table Transformations Ingestion API Lake-Only
ThreatIntelIndicators
ThreatIntelObjects ?

💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.

Permissions

Resource Provider Permissions:

Custom Permissions:

Setup Instructions

⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.

NOTE: This connector uses Azure Functions to connect to the Infoblox API to create Threat Indicators for TIDE and pull Dossier data into Microsoft Sentinel. This might result in additional data ingestion costs. Check the Azure Functions pricing page for details.

(Optional Step) Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. Follow these instructions to use Azure Key Vault with an Azure Function App.

STEP 1 - App Registration steps for the Application in Microsoft Entra ID

This integration requires an App registration in the Azure portal. Follow the steps in this section to create a new application in Microsoft Entra ID:

  1. Sign in to the Azure portal.
  2. Search for and select Microsoft Entra ID.
  3. Under Manage, select App registrations > New registration.
  4. Enter a display Name for your application.
  5. Select Register to complete the initial app registration.
  6. When registration finishes, the Azure portal displays the app registration's Overview pane. You see the Application (client) ID and Tenant ID. The client ID and Tenant ID is required as configuration parameters for the execution of the TriggersSync playbook.

Reference link: https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app

STEP 2 - Add a client secret for application in Microsoft Entra ID

Sometimes called an application password, a client secret is a string value required for the execution of TriggersSync playbook. Follow the steps in this section to create a new Client Secret:

  1. In the Azure portal, in App registrations, select your application.
  2. Select Certificates & secrets > Client secrets > New client secret.
  3. Add a description for your client secret.
  4. Select an expiration for the secret or specify a custom lifetime. Limit is 24 months.
  5. Select Add.
  6. Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page. The secret value is required as configuration parameter for the execution of TriggersSync playbook.

Reference link: https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret

STEP 3 - Assign role of Contributor to application in Microsoft Entra ID

Follow the steps in this section to assign the role:

  1. In the Azure portal, Go to Resource Group and select your resource group.
  2. Go to Access control (IAM) from left panel.
  3. Click on Add, and then select Add role assignment.
  4. Select Contributor as role and click on next.
  5. In Assign access to, select User, group, or service principal.
  6. Click on add members and type your app name that you have created and select it.
  7. Now click on Review + assign and then again click on Review + assign.

Reference link: https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal

STEP 4 - Steps to generate the Infoblox API Credentials

Follow these instructions to generate Infoblox API Key. In the Infoblox Cloud Services Portal, generate an API Key and copy it somewhere safe to use in the next step. You can find instructions on how to create API keys here.

STEP 5 - Steps to deploy the connector and the associated Azure Function

IMPORTANT: Before deploying the Infoblox data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following) readily available.., as well as the Infoblox API Authorization Credentials

6. Azure Resource Manager (ARM) Template

Use this method for automated deployment of the Infoblox Data connector.

  1. Click the Deploy to Azure button below.

    Deploy To Azure

  2. Select the preferred Subscription, Resource Group and Location.

  3. Enter the below information : Azure Tenant Id Azure Client Id Azure Client Secret Infoblox API Token Infoblox Base URL Workspace ID Workspace Key Log Level (Default: INFO) Confidence Threat Level App Insights Workspace Resource ID

  4. Mark the checkbox labeled I agree to the terms and conditions stated above.

  5. Click Purchase to deploy.

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Connectors Index