| Attribute | Value |
|---|---|
| Connector ID | InfobloxSOCInsightsDataConnector_API |
| Publisher | Infoblox |
| Used in Solutions | Infoblox, Infoblox SOC Insights |
| Collection Method | REST Pull API |
| Connector Definition Files | InfobloxSOCInsightsDataConnector_API.json |
| Ingestion API | HTTP Data Collector API — Connector definition requires workspace key (SharedKey pattern) |
| Custom Log V1 Tables | Yes 🔶 — ingests into tables with type-suffixed columns |
The Infoblox SOC Insight Data Connector allows you to easily connect your Infoblox BloxOne SOC Insight data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| InfobloxInsight_CL 🔶 | ? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Resource Provider Permissions:
- Workspace (Workspace): read and write permissions are required.
- Keys (Workspace): read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys.
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Workspace Keys
In order to use the playbooks as part of this solution, find your Workspace ID and Workspace Primary Key below for your convenience.
- Workspace ID: WorkspaceId
  Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
- Workspace Key: PrimaryKey
  Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
2. Parsers
To work as expected, this data connector depends on a parser named InfobloxInsight, which is based on a Kusto function and is deployed with the Microsoft Sentinel solution.
3. SOC Insights
This data connector assumes you have access to Infoblox BloxOne Threat Defense SOC Insights. You can find more information about SOC Insights here.
4. Follow the steps below to configure this data connector
1. Generate an Infoblox API Key and copy it somewhere safe
In the Infoblox Cloud Services Portal, generate an API Key and copy it somewhere safe to use in the next step. You can find instructions on how to create API keys here.
2. Configure the Infoblox-SOC-Get-Open-Insights-API playbook
Create and configure the Infoblox-SOC-Get-Open-Insights-API playbook which is deployed with this solution. Enter your Infoblox API key in the appropriate parameter when prompted.