Infoblox BloxOne Threat Defense
Infoblox BloxOne Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
BloxOne Threat Defense is a hybrid cybersecurity solution that leverages DNS as the first line of defense to detect and block cyber threats.
#
Configure Infoblox BloxOne Threat Defense in CortexParameter | Required |
---|---|
Service API Key | True |
Trust any certificate (not secure) | False |
Use system proxy settings | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
bloxone-td-dossier-lookup-getThe Dossier Lookup API returns detailed information on the specified indicator from the requested sources.
#
Base Commandbloxone-td-dossier-lookup-get
#
InputArgument Name | Description | Required |
---|---|---|
indicator_type | The type of indcator to search by. Possible values are: host, ip, url, hash, email. | Required |
value | The indicator to search on. | Required |
sources | The sources to query. Multiple sources can be specified. If no source is specified, the call will search on all available sources. (You can see the list of the available sources by running bloxone-td-dossier-source-list). | Optional |
interval_in_seconds | The interval in seconds between each poll. Default is 10. | Optional |
timeout | The timeout in seconds until polling ends. Default is 600. | Optional |
job_id | used for polling. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
BloxOneTD.DossierLookup.source | String | The Dossier source. |
BloxOneTD.DossierLookup.target | String | The targeted indicator. |
BloxOneTD.DossierLookup.task_id | String | The Dossier task ID. |
BloxOneTD.DossierLookup.type | String | The indicator type. |
#
Command example!bloxone-td-dossier-lookup-get indicator_type="ip" value="11.22.33.44" sources="activity,threatfox,ccb"
#
Context Example#
Human Readable Output#
Lookalike Domain List
Task Id Type Target Source d418b8d6-831c-4f6f-a31a-6d48995d2267 ip 11.22.33.44 threatfox 91945be3-0cef-4d03-afd7-e4f25864553d ip 11.22.33.44 ccb 7145a1ca-40a9-43df-b0a3-c4281e5abd7e ip 11.22.33.44 activity
#
bloxone-td-dossier-source-listGet available Dossier sources.
#
Base Commandbloxone-td-dossier-source-list
#
InputThere are no input arguments for this command.
#
Context OutputPath | Type | Description |
---|---|---|
BloxOneTD.DossierSource | String | Available Dossier sources. |
#
Command example!bloxone-td-dossier-source-list
#
Context Example#
Human Readable Output#
Results
DossierSource activity ccb geo threatfox
#
bloxone-td-lookalike-domain-listGet lookalike domain lists.
Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.
#
Base Commandbloxone-td-lookalike-domain-list
#
InputArgument Name | Description | Required |
---|---|---|
filter | The free query filter argument. | Optional |
target_domain | Filter by target domain. | Optional |
detected_at | Filter by values that are greater than or equal to the given value. You can use ISO format (e.g. '2023-02-14T00:11:22Z') or use a relative time (e.g. "3 days"). | Optional |
limit | Maximum number of results to return from the query. Default is 50. | Optional |
offset | Return results starting at this offset. Should be an integer. Default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
BloxOneTD.LookalikeDomain.detected_at | Date | The date of the lookalike detection. |
BloxOneTD.LookalikeDomain.lookalike_domain | String | The lookalike domain. |
BloxOneTD.LookalikeDomain.lookalike_host | String | The lookalike host. |
BloxOneTD.LookalikeDomain.reason | String | The reason for the detection. |
BloxOneTD.LookalikeDomain.target_domain | String | The domain that was targeted by the lookalike domain. |
#
Command example!bloxone-td-lookalike-domain-list detected_at="1y"
#
Context Example#
Human Readable Output#
Results
Detected At Lookalike Domain Lookalike Host Reason Target Domain 2023-01-27T18:43:01Z test.a.com test.a.com Domain is a lookalike to test.com. The creation date is 2023-01-22. test.com 2023-01-28T18:36:27Z test.b.com test.b.com Domain is a lookalike to test.com and has suspicious registration, behavior, or associations with known threats. The creation date is 2022-11-30. test.com 2023-01-28T18:37:03Z test.c.com test.c.com Domain is a lookalike to test.com. The creation date is 2022-09-18. test.com