Infoblox Threat Defense Solution for Microsoft Sentinel
Infoblox
Connect Infoblox to Microsoft Sentinel.
Gain deeper visibility and streamline threat detection in your Microsoft Sentinel environment with Infoblox Threat Defense. Leverage Infoblox DNS, DHCP, and security log data, enriched with actionable threat intelligence, to accelerate threat detection and response across your infrastructure.
Key Technical Benefits:
Seamless DNS Data Integration: Ingest DNS queries and responses, DHCP logs, and security events directly from Infoblox into Microsoft Sentinel for parsing, correlation, and monitoring. Because almost every connection begins with a DNS lookup, this layer of data surfaces suspicious activity early.
TIDE Threat Intelligence Integration: Import threat indicators from Infoblox TIDE into Sentinel's Threat Intelligence so that analytic rules can match them against DNS activity as it is ingested. Automate incident enrichment with threat context, giving your SOC the insight it needs for an informed, rapid response.
Efficient Log Management with CDC: The Infoblox Cloud Data Connector (CDC) efficiently filters DNS, DHCP, and security logs before forwarding them to Sentinel. This helps you avoid unnecessary data volume, reducing SIEM ingestion costs and keeping your logs focused on high-value data.
Prebuilt Security Content: Deploy out-of-the-box security content optimized for Sentinel, including 2 Data Connectors, 1 Parser, 1 Workbook, 8 Analytic Rules, and 11 Playbooks to accelerate threat detection and automate response workflows.
Automated Incident Enrichment: Automatically enrich Microsoft Sentinel incidents with TIDE threat intelligence and trigger email alerts with valuable contextual information for faster triage and investigation.
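The three capabilities above (pre-filtering DNS logs before they reach the SIEM, matching queried names against TIDE indicators, and attaching indicator context to the resulting alert) can be shown end to end in a few dozen lines. The block below is an added illustration written for this page; it is not Infoblox or Microsoft code, and in the real solution these steps are performed by the CDC, the Sentinel parser and analytic rules, and the playbooks. The log format, the indicator fields (domain, threat_class, confidence), the allowlist and all sample data are constructed for the example. The one detail worth noting is the suffix walk: a query for `cdn.bad-actor.test` must hit an indicator for `bad-actor.test`, but the walk stops before the bare TLD so that an indicator can never match every name under `.test`.

```python
"""Added example: DNS log pre-filtering, indicator correlation and alert
enrichment. Not Infoblox/Microsoft code; record shapes and data are constructed."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class DnsQuery:
    ts: str
    client_ip: str
    qname: str
    qtype: str


@dataclass(frozen=True)
class Indicator:
    domain: str        # indicator value as published; normalised on index build
    threat_class: str  # assumed field, e.g. "MalwareC2" or "Phishing"
    confidence: int    # assumed 0..100 score


@dataclass(frozen=True)
class Match:
    query: DnsQuery
    indicator: Indicator
    matched_on: str    # the suffix of qname that hit the index


# Constructed sample log: "<timestamp> <client ip> <qname> <qtype>" per line.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 www.example.com A
2024-05-01T10:00:02Z 10.0.0.5 cdn.bad-actor.test A
2024-05-01T10:00:03Z 10.0.0.7 5.0.0.10.in-addr.arpa PTR
2024-05-01T10:00:04Z 10.0.0.7 login.evil-phish.test. AAAA
2024-05-01T10:00:05Z 10.0.0.9 updates.corp.internal A
"""

# Constructed indicators; these are NOT real TIDE feed entries.
SAMPLE_INDICATORS = [
    Indicator("bad-actor.test", "MalwareC2", 95),
    Indicator("evil-phish.test", "Phishing", 80),
]

# Assumed allowlist of internal zones whose queries are never forwarded.
ALLOWLIST = {"corp.internal"}


def parse_log(text: str) -> List[DnsQuery]:
    """Parse the constructed four-field log format into DnsQuery records."""
    queries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client_ip, qname, qtype = line.split()
        queries.append(DnsQuery(ts, client_ip, qname, qtype))
    return queries


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot so 'A.Example.COM.' == 'a.example.com'."""
    return name.rstrip(".").lower()


def suffixes(name: str) -> List[str]:
    """All label suffixes of a name, longest first, excluding the bare TLD."""
    labels = normalize(name).split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def prefilter(queries: Iterable[DnsQuery], allowlist=ALLOWLIST) -> List[DnsQuery]:
    """Simplified analogue of forwarding-side filtering: drop reverse lookups
    and queries under allowlisted internal zones before they cost ingestion."""
    kept = []
    for q in queries:
        if q.qtype == "PTR" and normalize(q.qname).endswith(".in-addr.arpa"):
            continue
        if any(s in allowlist for s in suffixes(q.qname)):
            continue
        kept.append(q)
    return kept


def correlate(queries: Iterable[DnsQuery], indicators: Iterable[Indicator],
              min_confidence: int = 0) -> List[Match]:
    """Match each query against the indicator index by walking its suffixes,
    so a subdomain of an indicator domain is still detected."""
    index: Dict[str, Indicator] = {normalize(i.domain): i for i in indicators}
    matches = []
    for q in queries:
        for s in suffixes(q.qname):
            hit: Optional[Indicator] = index.get(s)
            if hit is not None and hit.confidence >= min_confidence:
                matches.append(Match(q, hit, s))
                break  # longest suffix wins; one match per query
    return matches


def enrich(m: Match) -> dict:
    """Attach indicator context to the alert, the way a playbook would."""
    return {
        "ts": m.query.ts,
        "client_ip": m.query.client_ip,
        "qname": normalize(m.query.qname),
        "indicator": m.matched_on,
        "threat_class": m.indicator.threat_class,
        "confidence": m.indicator.confidence,
    }


def run(log_text: str = SAMPLE_LOG, indicators=SAMPLE_INDICATORS,
        min_confidence: int = 0) -> List[dict]:
    """Full pipeline over the constructed data: parse, pre-filter, correlate, enrich."""
    kept = prefilter(parse_log(log_text))
    return [enrich(m) for m in correlate(kept, indicators, min_confidence)]


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Raising `min_confidence` is the equivalent of the threshold a SOC would put on low-confidence indicators to keep alert volume down; with the sample data, a threshold of 90 keeps only the MalwareC2 hit.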
Requirements:
An Infoblox Threat Defense licence and API key are required for full integration with Sentinel.
The Infoblox Cloud Data Connector (CDC) is not included with this solution and must be deployed separately.
Please refer to the following before installing the solution:
- Review the solution Release Notes.
- Review the TIDE Threat Intelligence playbooks and their installation instructions.