Infoblox BloxOne Threat Defense is a comprehensive DNS Detection and Response (DNSDR) solution that detects and prevents a broad range of threats, including look-alike domain use, fast flux, and many others.
SIRP’s integration with Infoblox BloxOne improves security operations by fusing the capabilities of the two platforms, allowing analysts to respond to threats quickly and proactively.
Supported Actions
SIRP’s Infoblox BloxOne integration app allows you to execute the following actions:
Action | Description |
Get IP Info | Get IP’s reputation and details |
Get Hostname Info | Get Hostname’s reputation and details |
Get URL Info | Get URL’s reputation and details |
Block Domain | Block a domain on Infoblox BloxOne |
Unblock Domain | Unblock a domain on Infoblox BloxOne |
Requirements
This app configuration requires:
Policy Name: <Policy name for blocked domains list>
Api Key: <Api Token_key>
Enable the Infoblox BloxOne App in SIRP
First, log in to SIRP, then go to Apps from the left navigation bar.
Locate the app named Infoblox BloxOne App.
Enable the Infoblox BloxOne app by clicking the toggle button under Status.
Once enabled, click on the configuration button to add the following configuration:
Configuration Name: <Give any name to this configuration>
Token: <API TOKEN KEY>
Integration in Action
Once the integration between SIRP and Infoblox BloxOne is complete, you can execute all the supported actions. For example, from any container, click on the Domain, then select Infoblox BloxOne > Block Domain.
Select the App configuration, add the name of the BloxOne custom list, and then click execute.
Once the action is successfully executed, the domain will be blocked on Infoblox BloxOne.
Similarly, to execute enrichment actions from any container, click on the Hostname, then select Infoblox BloxOne > Get Hostname Info.
Select the App configuration name of BloxOne, then click execute.
Once the action is successfully executed, the Hostname information will be available to the user.