Infoblox SOC Insight Data Connector via REST API connector for Microsoft Sentinel
The Infoblox SOC Insight Data Connector allows you to easily connect your Infoblox BloxOne SOC Insight data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | InfobloxInsight_CL |
| Data collection rules support | Not currently supported |
| Supported by | Infoblox |
Query samples
Return all logs involving DNS Tunneling

```kusto
InfobloxInsight_CL
| where threatType_s == "DNS Tunneling"
```

Return all logs involving a configuration issue

```kusto
InfobloxInsight_CL
| where tClass_s == "TI-CONFIGURATIONISSUE"
```

Return count of critical priority insights

```kusto
InfobloxInsight_CL
| where priorityText_s == "CRITICAL"
| summarize dcount(insightId_g) by priorityText_s
```

Return each spreading insight by ThreatClass

```kusto
InfobloxInsight_CL
| where isnotempty(spreadingDate_t)
| summarize dcount(insightId_g) by tClass_s
```

Return each Insight by ThreatFamily

```kusto
InfobloxInsight_CL
| summarize dcount(insightId_g) by tFamily_s
```
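As an added triage example (not one of the connector's own samples), the query below combines the fields used in the samples above into a single view of critical insights that are actively spreading, grouped by threat class and family. It assumes the standard `TimeGenerated` ingestion timestamp column that every Log Analytics table carries; the `InfobloxInsight_CL` column names are the ones shown on this page.

```kusto
// Added example, not part of the connector's query samples.
// Critical, actively spreading insights from the last 24 hours,
// grouped by threat class and family, most affected first.
let lookback = 24h;
InfobloxInsight_CL
| where TimeGenerated >= ago(lookback)
| where priorityText_s == "CRITICAL"
| where isnotempty(spreadingDate_t)
| summarize
    // dcount, as in the samples above, so an insight ingested more than once is counted once
    InsightCount = dcount(insightId_g),
    FirstSpreading = min(spreadingDate_t),
    LastSeen = max(TimeGenerated),
    ThreatTypes = make_set(threatType_s, 20)
    by tClass_s, tFamily_s
| order by InsightCount desc
```

Run it against the raw table as written, or replace `InfobloxInsight_CL` with the `InfobloxInsight` parser function mentioned under Parsers if you prefer its normalized output.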
Vendor installation instructions
Workspace Keys
To use the playbooks included in this solution, you need your Workspace ID and Workspace Primary Key; both are shown on this connector page in Microsoft Sentinel.
Parsers
This data connector depends on a parser, implemented as a Kusto function named InfobloxInsight, which is deployed with the Microsoft Sentinel solution.
SOC Insights
This data connector assumes you have access to Infoblox BloxOne Threat Defense SOC Insights. You can find more information about SOC Insights here.
Follow the steps below to configure this data connector.
Next steps
For more information, go to the related solution in the Azure Marketplace.