| Attribute | Value |
|---|---|
| Publisher | Infoblox |
| Support Tier | Partner |
| Support Link | https://support.infoblox.com/ |
| Categories | domains |
| Version | 3.0.4 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2021-10-20 |
| Solution Folder | Infoblox Cloud Data Connector |
| Pre-requisites | Common Event Format |
The Infoblox Cloud solution allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.
This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.
NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on Aug 31, 2024.
This solution depends on 1 other solution(s):
| Solution |
|---|
| Common Event Format |
This solution provides 1 data connector(s) (plus 1 discovered⚠️):
Connectors from dependency solutions:
🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.
This solution uses 3 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| CommonSecurityLog | Common Event Format (CEF) (dependency), Common Event Format (CEF) via AMA (dependency), [Deprecated] Infoblox Cloud Data Connector via AMA, [Deprecated] Infoblox Cloud Data Connector via Legacy Agent | Analytics, Workbooks |
| Syslog | - | Analytics |
| ThreatIntelligenceIndicator | - | Analytics |
This solution includes 21 content item(s):
| Content Type | Count |
|---|---|
| Playbooks | 11 |
| Analytic Rules | 8 |
| Workbooks | 1 |
| Parsers | 1 |
Analytic Rules:
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Infoblox - Data Exfiltration Attack | Medium | Impact | CommonSecurityLog |
| Infoblox - High Threat Level Query Not Blocked Detected | Medium | Impact | CommonSecurityLog |
| Infoblox - Many High Threat Level Queries From Single Host Detected | Medium | Impact | CommonSecurityLog |
| Infoblox - Many High Threat Level Single Query Detected | Medium | Impact | CommonSecurityLog |
| Infoblox - Many NXDOMAIN DNS Responses Detected | Medium | Impact | CommonSecurityLog |
| Infoblox - TI - CommonSecurityLog Match Found - MalwareC2 | Medium | Impact | CommonSecurityLog, ThreatIntelligenceIndicator |
| Infoblox - TI - InfobloxCDC Match Found - Lookalike Domains | Medium | Impact | CommonSecurityLog, ThreatIntelligenceIndicator |
| Infoblox - TI - Syslog Match Found - URL | Medium | Impact | Syslog, ThreatIntelligenceIndicator |
Workbooks:
| Name | Tables Used |
|---|---|
| InfobloxCDCB1TDWorkbook | CommonSecurityLog |
Playbooks:
| Name | Description | Tables Used |
|---|---|---|
| Infoblox Import AISCOMM Weekly | Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenc... | - |
| Infoblox Import Emails Weekly | Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenc... | - |
| Infoblox Import Hashes Weekly | Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenc... | - |
| Infoblox Import Hosts Daily Lookalike Domains | Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenc... | - |
| Infoblox Import Hosts Daily MalwareC2DGA | Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenc... | - |
| Infoblox Import Hosts Daily Phishing | Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenc... | - |
| Infoblox Import Hosts Hourly | Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenc... | - |
| Infoblox Import IPs Hourly | Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenc... | - |
| Infoblox Import URLs Hourly | Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenc... | - |
| Infoblox Incident Enrichment Domains | Leverages the Infoblox TIDE API to enrich Microsoft Sentinel incidents with detailed TIDE data. This... | - |
| Infoblox Incident Send Email | Sends a detailed email when an incident occurs. Optionally enriches an applicable entity within the ... | - |
Parsers:
| Name | Description | Tables Used |
|---|---|---|
| InfobloxCDC | - | CommonSecurityLog (read) |
Change History:
| Version | Date Modified | Change History |
|---|---|---|
| 3.0.5 | 06-01-2025 | Removed Deprecated Data Connector |
| 3.0.4 | 12-07-2024 | Deprecating data connectors |
| 3.0.3 | 30-04-2024 | Updated package for parser issue fix while reinstall |
| 3.0.2 | 05-03-2024 | Updated InfobloxCDC parser to manually parse with extract() rather than dynamically due to slowness |
| 3.0.1 | 11-09-2023 | Addition of new Infoblox Cloud Data Connector AMA Data Connector |
| 3.0.0 | 01-08-2023 | Updated Infoblox logo, analytic rule optimization updates, 5 new rules, 11 new playbooks |
| 2.0.10 | 01-06-2023 | Bug fixes, Documentation updates |
| 1.0.0 | 01-04-2021 | Initial Solution Release |