We are excited to announce a new Infoblox® integration with Splunk’s Security Automation and Orchestration platform named Phantom.
Infoblox with Splunk Phantom allows security and incident response teams to leverage the power of a SOAR platform paired with powerful Threat Insight, Event Metadata and granular network control. Infoblox’s Dossier™, DDI, and DNS security offerings empower Splunk Phantom’s ability to locate malicious URLs, eradicate threats, and prevent access to dangerous domains. In summary, this integration allows for powerful automation and therefore maximizes the ROI of both products.
For more information regarding capabilities and configuration of the Infoblox and Splunk Phantom integration, please view the video below:
This integration is provided “as is”. Any changes to your network should be fully tested before deploying into a production environment.
The Infoblox DDI and Dossier apps support a wide variety of actions within Phantom. These actions can be utilized in Phantom playbooks or run on relevant objects.
List of supported actions by app:
|
App
|
Action
|
|
Infoblox DDI
|
list hosts
list rpz
block domain
unblock domain
block ip
unblock ip
get system info
update property
list network view
test connectivity
|
|
Dossier
|
lookup url
lookup hash
lookup ip
lookup domain
test connectivity
|
The integration requires the extensible attribute described in the table below:
|
Extensible Attribute
|
Description
|
|
phantom_id
|
Attaches an id to an object that corresponds to an event.
|
For more in depth information on the Infoblox and Splunk Phantom integration, please view the Infoblox Integration with Splunk Phantom - Deployment Guide.
Comments, Questions, or feedback are welcome.
2941 
1
