• Stars: 1
• Language: Python
• Created over 4 years ago
• Updated over 4 years ago

Repository Details

This application allows you to:

• acquire ActiveTrust / BloxOne Threat Defense Cloud logs using the REST API
• filter them efficiently, with full drill-down support, based on time, threat property, threat class, source IP, domain name, query type and much more
• summarize hits by IOC
• get IOC context from Infoblox Dossier threat intelligence
• prioritize hits based on context
• search and pivot through threat intelligence based on the IOCs matched in DNS traffic

Requires ActiveTrust / BloxOne Threat Defense (mandatory). Optionally requires Dossier for threat intelligence.