  1. The Account Configuration page has the following fields:

    1. Base URL: Base URL of Infoblox Account.

    2. API Token: The API token (Infoblox's API key) of the Infoblox account. Make sure the API token has access to the SOC Insights API.

    3. QRadar Authorization Token: This token is required to make API calls to QRadar.

      1. To create an authorization token on QRadar, see the Generating the QRadar Authorization Token section.

      2. To create an authorization token on QRoC, see the Generating the Authorization Token on QRoC section.

    4. Enable/Disable SOC Insights Collection: It is a toggle button to enable/disable SOC insight collection.

    5. Polling Interval (In Seconds): The number of seconds between API calls during real-time SOC Insights data collection.

    6. For Proxy Settings:

      1. Enable/Disable proxy: It is a toggle button to enable/disable proxy. Users can select its value depending on their environment.

      2. IP/Hostname: IP/Hostname of the proxy server without prefixing HTTP/HTTPS.

      3. Port: Port of the proxy server.

      4. Require Authentication for proxy: It is a checkbox to enable/disable authentication requirements for proxy. Users can select its value depending on their environment.

      5. Username: Username for proxy authentication.

      6. Password: Password for proxy authentication.
        NOTE: To use an HTTPS proxy, add the proxy SSL certificate in QRadar by following the steps in the Adding SSL/Proxy Certificates in QRadar section.

  2. Note: The configurations below are currently unavailable.

    1. Enable/Disable TIDE Collection: It is a toggle button to enable/disable TIDE collection.

    2. Threat Indicator Types: It is a multi-select dropdown to select multiple threat indicator types.

    3. Historical Time (In UTC): It is a datetime field to select the time from which to collect the TIDE data.

    4. Polling Interval (In Seconds): The number of seconds between API calls during real-time TIDE data collection.

    5. Confidence: It is the threshold for TIDE data collection. This will be passed in the query parameter in the API.

    6. Threat Level: It is the threshold for TIDE data collection. This will be used to process the data.

    7. Enable/Disable Automatic Dossier Lookup: It is a toggle button to enable/disable automatic dossier lookup enrichment.

    8. Enable/Disable Automatic IPAM Lookup: It is a toggle button to enable/disable automatic IPAM lookup enrichment.

    9. Enable/Disable Automatic TIDE Lookup: It is a toggle button to enable/disable automatic TIDE lookup enrichment.

    10. Enable/Disable Automatic DHCP Lease Lookup: It is a toggle button to enable/disable automatic DHCP Lease lookup enrichment.

    11. Start Time (In UTC): It is a datetime to select start time for DHCP Lease lookup.

    12. EndTime (In UTC): It is a datetime to select end time for DHCP Lease lookup.

  3. After entering valid data in the pop-up form, click the Save button. The configuration for the Infoblox Account is stored, a success message for the added configuration is displayed, and a row is added to the screen, as shown in the figure.
