Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

General Security & Cybersecurity Ecosystem

Reply

Infoblox Integration with Splunk Phantom

[ Edited ]
Techie
Posts: 17
2408     1

We are excited to announce a new Infoblox® integration with Splunk’s Security Automation and Orchestration platform named Phantom.

 

Infoblox with Splunk Phantom allows security and incident response teams to leverage the power of a SOAR platform paired with powerful Threat Insight, Event Metadata and granular network control. Infoblox’s Dossier™, DDI, and DNS security offerings empower Splunk Phantom’s ability to locate malicious URLs, eradicate threats, and prevent access to dangerous domains. In summary, this integration allows for powerful automation and therefore maximizes the ROI of both products.

 

For more information regarding capabilities and configuration of the Infoblox and Splunk Phantom integration, please view the video below:

 

 

This integration is provided “as is”. Any changes to your network should be fully tested before deploying into a production environment.

 

The Infoblox DDI and Dossier apps support a wide variety of actions within Phantom. These actions can be utilized in Phantom playbooks or run on relevant objects.

 

List of supported actions by app:

App

Action

Infoblox DDI

list hosts

list rpz

block domain

unblock domain

block ip

unblock ip

get system info

update property

list network view

test connectivity

Dossier

lookup url

lookup hash

lookup ip

lookup domain

test connectivity

 

The integration requires the extensible attribute described in the table below:

Extensible Attribute

Description

phantom_id

Attaches an id to an object that corresponds to an event.

 

For more in depth information on the Infoblox and Splunk Phantom integration, please view the Infoblox Integration with Splunk Phantom - Deployment Guide.

 

Comments, Questions, or feedback are welcome.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You