Infoblox DNS Firewall provides a mechanism to further protect your network from malware and APTs (Advanced Persistent Threats) through the integration of FireEye appliances. When your NIOS appliance is properly integrated with a FireEye appliance, it receives periodic alerts from the FireEye appliance when the FireEye appliance identifies malware or APTs. Based on your configuration, the NIOS appliance translates these alerts into RPZ rules that not only further protect your network from malicious attacks, but also aid in identifying clients that have been compromised.
As illustrated in Figure 44.2, after installing the required RPZ and FireEye licenses on the NIOS appliance, you can configure a FireEye integrated RPZ in which you map RPZ rules to FireEye alert types. While creating the FireEye RPZ, the appliance generates a URL to which the FireEye appliance sends alerts. Ensure that you enter this URL when configuring the FireEye appliance. The NIOS appliance also creates the fireeye-group admin group after you define the first FireEye RPZ. You can add multiple admin users to this admin group. Note that users in the fireeye-group can only send alerts to the NIOS appliance; they cannot access the Infoblox GUI, CLI, API, or RESTful API. They also do not have permissions to perform other tasks on the appliance. Ensure that you record the usernames and passwords for all user accounts so you can enter them correctly when you configure the FireEye appliance. You can map one or more FireEye appliances to a NIOS appliance where multiple users or zones exist.

Figure 44.2 FireEye Integrated RPZ


Callouts in Figure 44.2:

1. Create a FireEye integrated RPZ zone and define rule mapping.
2. While processing the FireEye RPZ, NIOS generates a URL.
3. Create admin users in the fireeye-group. Note that the fireeye-group is created automatically.
4. Copy the generated URL.
5. Log in to the FireEye GUI. Add user credentials and the URL that is generated by the NIOS appliance.
6. Malware is detected.
7. FireEye generates an alert.
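
How a mapping from alert types to RPZ rules can work, as an added example that is not Infoblox or FireEye code: the alert type names, the alert fields and the zone name `fireeye.rpz.example` are assumptions, the sample alerts are constructed, and the CNAME targets are the standard RPZ policy encodings. Alert data arrives over the network, so the domain is validated before it becomes a zone record, and when several alerts name one domain this sketch keeps the most restrictive mapped policy.

```python
import re

# Assumed alert type names and policy choices (illustrative, not from the product).
ALERT_POLICY = {
    "malware-callback": "nxdomain",
    "domain-match": "nxdomain",
    "web-infection": "nodata",
    "infection-match": "passthru",  # log the query, do not block it
}
# Standard RPZ encodings: the CNAME target selects the policy action.
RPZ_TARGET = {"nxdomain": ".", "nodata": "*.", "passthru": "rpz-passthru."}
# Higher value = more restrictive; decides conflicts for one domain.
SEVERITY = {"passthru": 0, "nodata": 1, "nxdomain": 2}
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")

def normalize(domain):
    """Return a lowercase name without trailing dot, or None if it is not a valid name."""
    name = domain.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        return None
    return name

def alerts_to_rpz(alerts, zone):
    """Translate alerts into RPZ records for `zone`; returns (records, rejected)."""
    chosen, rejected = {}, []
    for alert in alerts:
        policy = ALERT_POLICY.get(alert.get("type"))
        name = normalize(alert.get("domain", ""))
        if policy is None or name is None:
            rejected.append(alert)  # unmapped type or unsafe name: no rule written
            continue
        if name not in chosen or SEVERITY[policy] > SEVERITY[chosen[name]]:
            chosen[name] = policy
    records = [f"{n}.{zone}. IN CNAME {RPZ_TARGET[p]}" for n, p in sorted(chosen.items())]
    return records, rejected

# Constructed sample alerts (not real FireEye output).
SAMPLE = [
    {"type": "malware-callback", "domain": "C2.Example.NET."},
    {"type": "infection-match", "domain": "c2.example.net"},
    {"type": "web-infection", "domain": "dl.example.org"},
    {"type": "malware-callback", "domain": "x.example.com IN A 192.0.2.1\nevil"},
    {"type": "unknown-type", "domain": "ok.example.com"},
]

if __name__ == "__main__":
    recs, bad = alerts_to_rpz(SAMPLE, "fireeye.rpz.example")
    print("\n".join(recs + [f"rejected: {len(bad)}"]))
```

The fourth sample alert carries record text and a newline in its domain field and is rejected instead of being written into the zone.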


To configure a FireEye integrated RPZ, complete the following:

...