Infoblox Threat Defense with DDI

This app integrates with Infoblox Threat Defense with DDI to provide DNS Security, Threat Intelligence, and Centralized DDI (DNS, DHCP, and IP Address Management) capabilities. It enables automated lookups of IP and host asset data, and management of custom lists for security policies.

Supported Actions

• on poll: Ingest data from Infoblox (DNS Security Events or SOC Insights based on configuration)
• test connectivity: Validate the asset configuration for connectivity using supplied configuration
• initiate indicator intel lookup: Initiate an indicator investigation using Infoblox Dossier
• get indicator intel lookup result: Retrieve the result of a previously initiated Dossier lookup for an indicator (IP/URL/Host/MAC/Hash)
• ip asset data lookup: Look up asset data for a given IP address using IPAM address information
• get custom list: Retrieve Custom Lists from Infoblox by ID, name, or filtering criteria
• remove custom list: Delete a Custom List from Infoblox Cloud
• create network list: Create a Network List with specified name, items, and optional description
• update network list: Update metadata and CIDRs of a specified network list
• get network list: Retrieve network lists and their metadata
• get soc insights assets: Retrieve the list of associated assets for a given Insight ID
• remove network list: Remove a specific network list by ID
• host asset data lookup: Look up host asset data using IPAM host information to retrieve detailed host information from Infoblox
• dns record lookup: Perform a DNS record query to retrieve associated IPs or domains from Infoblox DDI
• dhcp lease lookup: Perform a DHCP lease query to retrieve lease information from Infoblox DDI
• indicator threat lookup: Lookup threat intelligence details for an indicator using Infoblox TIDE
• create custom list: Create a new custom list with specified details and items
• update custom list: Update metadata of an existing custom list such as name, description, confidence level, threat level, or tags
• remove security policy: Remove a specific Security Policy by Security Policy ID
• get security policy: Retrieve Security Policies and their metadata
• create security policy: Create a Security Policy, including its name, rules, associated network lists, DNS Forwarding Proxies (DFPs) etc
• update custom list items: Insert or remove individual items (e.g., IPs, domains) in a custom list
• update security policy: Update a specific Security Policy, including its name, rules, associated network lists, DNS Forwarding Proxies (DFPs) etc
• get soc insights comments: Retrieve the list of comments associated with a specific Insight ID from Infoblox, optionally filtered by a time range
• get soc insights indicators: Retrieve a filtered list of indicators associated with a specific Insight ID from Infoblox, supporting multiple filter parameters
• get soc insights events: Retrieve a detailed list of threat-related events for a specific Insight ID from Infoblox SOC Insights