Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

General Security & Cybersecurity Ecosystem


Infoblox Integration with Splunk Phantom

[ Edited ]
Posts: 17
2544     1

We are excited to announce a new Infoblox® integration with Splunk’s Security Automation and Orchestration platform named Phantom.


Infoblox with Splunk Phantom allows security and incident response teams to leverage the power of a SOAR platform paired with powerful Threat Insight, Event Metadata and granular network control. Infoblox’s Dossier™, DDI, and DNS security offerings empower Splunk Phantom’s ability to locate malicious URLs, eradicate threats, and prevent access to dangerous domains. In summary, this integration allows for powerful automation and therefore maximizes the ROI of both products.


For more information regarding capabilities and configuration of the Infoblox and Splunk Phantom integration, please view the video below:



This integration is provided “as is”. Any changes to your network should be fully tested before deploying into a production environment.


The Infoblox DDI and Dossier apps support a wide variety of actions within Phantom. These actions can be utilized in Phantom playbooks or run on relevant objects.


List of supported actions by app:



Infoblox DDI

list hosts

list rpz

block domain

unblock domain

block ip

unblock ip

get system info

update property

list network view

test connectivity


lookup url

lookup hash

lookup ip

lookup domain

test connectivity


The integration requires the extensible attribute described in the table below:

Extensible Attribute



Attaches an id to an object that corresponds to an event.


For more in depth information on the Infoblox and Splunk Phantom integration, please view the Infoblox Integration with Splunk Phantom - Deployment Guide.


Comments, Questions, or feedback are welcome.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You