This topic includes new features and enhancements for Infoblox Threat Defense. You can view information about other enhancements and maintenance for Infoblox products and services in the Infoblox SaaS Release Notes.

Infoblox Threat Defense – September 6, 2024

...


This release addresses an issue with statically assigned DNS servers on network interfaces. For more information about Infoblox Endpoint, see Managing Endpoint.

New Infoblox Portal – September 05, 2024

...

Access Views enables users to set custom fine-grained access rules for specified users or groups and associated DDI resources.

Infoblox Endpoint releases version 2.4.16 for Windows and macOS

This release addresses an issue with statically assigned DNS servers on network interfaces. For more information about Infoblox Endpoint, see Managing Endpoint.

BloxOne Threat Defense – August 29, 2024

Data Connector introduces BloxOne Cloud-to-Cloud SIEMs, emphasizing fully managed services with seamless integrations with third-party SaaS services.

Key enhancements in this release:

  • Facilitates the setup of a Syslog destination in BloxOne Cloud.

  • Facilitates the setup of automations in BloxOne Cloud.

  • Facilitates the setup of an HTTP Destination in BloxOne Cloud.

For more information, see Data Connector and Infoblox Ecosystem.

Infoblox Ecosystem now offers support for automation integrations running in BloxOne Cloud, enabling the automation of Cloud-to-Cloud workflows.

Users have the ability to configure automated workflows, with service instance options specifically for setting up cloud-to-cloud flows. For more information, see Data Connector and Infoblox Ecosystem.

BloxOne Threat Defense – August 19, 2024

To enhance Threat Defense services, Infoblox has launched a new second-level infobloxtd.com domain along with additional IP addresses, 103.80.6.120 and 52.119.41.120.

Infoblox strongly recommends that all customers update their network configuration to enable access to the new IP addresses, the second-level domain, and all its subdomains. Infoblox plans to launch services utilizing these IP addresses and hostnames under infobloxtd.com by mid-September 2024.

Data Connector introduces additional event field options for Atlas Notification settings.

This update introduces a refined traffic flow widget in the Cloud Services Portal that allows users to choose subtypes and event fields seamlessly. For information, see Creating Traffic Flows.

BloxOne Threat Defense – August 14, 2024

Data Connector introduces additional event field options for Audit Log settings.

This update introduces a refined traffic flow widget in the Cloud Services Portal that allows users to choose subtypes and event fields seamlessly. For information, see Creating Traffic Flows.

BloxOne Threat Defense – August 5, 2024

Infoblox launches the Infoblox Ecosystem Program.

This program includes a self-service portal, offering certified, out-of-the-box integrations with leading technology providers. The program is powered by Automations, an event-driven automation framework designed to streamline integration development. These integrations have undergone rigorous testing and validation to ensure compatibility and support by Infoblox. The program aims to help NetOps and SecOps teams automate workflows, enhance security, and improve collaboration across on-premises, hybrid, and multi-cloud environments. For information, see Ecosystem Portal.

BloxOne Threat Defense – August 2, 2024

Data Connector now supports sending logs to an HTTP destination in Splunk CIM data format.

When configuring a Data Connector traffic flow, you now have the option to choose Splunk CIM as the log message format when you configure HTTP as the destination. For information, see Setting Up HTTP.

BloxOne Threat Defense releases BloxOne Mobile Endpoint for iOS without VPN dependency.

To improve compatibility with VPN solutions, including on-demand VPN, BloxOne Mobile Endpoint for iOS will be able to use the iOS native DNS proxy framework to intercept all DNS traffic. Requirements: iOS/iPadOS 14.x and later, deployment by an MDM. For more information about BloxOne Mobile Endpoint, see Managing BloxOne Mobile Endpoint.

BloxOne Threat Defense – August 1, 2024

Infoblox introduces event selection field options for BloxOne Threat Defense DNS Query/Response log, BloxOne Threat Defense Policy Hits log, BloxOne DDI DNS Query/Response log, and Service Logs exported by Data Connector.

This update introduces a refined traffic flow widget in the Cloud Services Portal that allows users to choose subtypes and event fields seamlessly. For information, see Creating Traffic Flows and Event Field Logs.

BloxOne Threat Defense – July 26, 2024 

BloxOne Endpoint releases version 1.0.9 for Linux Ubuntu 22

This release includes stability improvements. For more information about BloxOne Endpoint, see Managing Endpoint.

BloxOne Threat Defense – July 24, 2024 

...

BloxOne Endpoint releases version 2.4.10 for Windows and macOS.

This release includes stability improvements and resolves minor issues. For more information about BloxOne Endpoint, see Managing Endpoint.

BloxOne Threat Defense – July 12, 2024 

BloxOne introduces tagging enhancements that restrict tag values displayed during tag addition, application, and filtering to those currently assigned to objects. Additionally, predefined tag values can now be defined through restricted tags, instead of freeform tags. To explicitly add values to a freeform tag, convert the tag to a restricted tag first.

For more information, see Managing Tags.

...

BloxOne enhances the performance and usability of Global Search on the Cloud Services Portal, making it easier and faster for users to find what they need.

Global search includes the following enhancements:

  • Users can now start a search by pressing the Enter key after entering key words.
  • Quick results will display the top three relevant results.
  • Users will see two groups of results: one for Exact Matches and the other for Related Results.
  • Exact match results will appear within a second.
  • Related results will be visible within a few seconds.

BloxOne Threat Defense – May 27, 2024 

BloxOne Endpoint releases version 2.4.9 for Windows and MacOS.

This release includes stability improvements and resolves minor issues. For information, see Managing Endpoint.

BloxOne Threat Defense – May 9, 2024

BloxOne Threat Defense introduces a new RPZ feed structure that provides simplicity and user-friendly feed names.

BloxOne Threat Defense for NIOS now includes a new RPZ feed structure that provides simplicity, along with user friendly names, allowing users to set the correct policies and address the growing number of available RPZs over time. With the new structure, customers can configure their policy action correctly per their risk posture and have an “at a glance” understanding of how their network is protected. This requires removing the prior configured RPZ feeds and updating them to the consolidated new RPZs. The old RPZs will be supported until December 2024, giving time for transition to the new RPZ. The old RPZs will be deprecated after December 2024. Beyond the current RPZ updates for OnPrem, the feeds on the cloud will also be updated to reflect the same feed structure around July 2024.

Configuration Guide: https://docs.infoblox.com/space/BloxOneThreatDefense/622493764/Feed+Revamp+for+NIOS.

...

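| Feed Name              | Essentials | Business On-Prem | Advanced |
|------------------------|------------|------------------|----------|
| Infoblox Base          |            |                  |          |
| Infoblox Base IP       | NA         |                  |          |
| Infoblox High Risk     | NA         | NA               |          |
| Infoblox Medium Risk   | NA         | NA               |          |
| Infoblox Low Risk      | NA         | NA               |          |
| Infoblox Informational | NA         |                  |          |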

BloxOne Threat Defense – May 1, 2024

The default time filter in BloxOne Threat Defense reports has been updated from one hour to 24 hours.

The default time filter change applies to the following reports: DNS Activity, Security Activity, Summary Reports, Application Discovery, and Web Content Discovery. A one hour reporting option is still available, but it is no longer the default. The default time filter setting benefits our customers by improving the performance of the rendering reports.

...

The enhancements are particularly beneficial for administrators managing multiple organizations or sandboxes, simplifying the process of accessing and controlling subsidiary organizational accounts. The enhancements also overhaul the Cloud Services Portal's current account-switching feature by introducing an improved account selection menu that can handle hundreds of organizational accounts and includes a search and filter function for better organizational account management.

...

  • Administrators managing multiple organizations can set a default account, which is automatically accessed upon the initial connection to the Cloud Services Portal after authentication.
  • Administrators are able to specify favorite organizations, which are prominently displayed at the top of the account selection window/menu for quick and easy access.

...

Infoblox Data Connector supports forwarding of BloxOne DHCP lease logs to a NIOS reporting destination.

Infoblox Data Connector now allows you to forward BloxOne DHCP lease logs to NIOS reporting, streamlining network administration workflows and enhancing efficiency. For more information, see Configuring Traffic Flows.

BloxOne Threat Defense – March 14, 2024

...

RPZ logs exported to AWS S3 and the object storage service will be updated to include additional fields: "key," "sld," and an "extra" field to provide additional metadata such as username, client region and country, endpoint group, response, etc. This RPZ log export enhancement uses a different output path on the customers' S3 bucket ( / rpz_enriched / year=xxxx / month=xx / day=xx /hour=xx ). For information, see Log File Format.

...

By distilling vast numbers of alerts into crucial insights, analysts can prioritize and address critical issues more efficiently and effectively. SOC Insights further empowers analysts with instant access to relevant network, event, and DNS intelligence, allowing for speedy, informed decision-making and accelerated incident response and threat mitigation. SOC Insights is offered as an optional feature for both BloxOne Threat Defense Advanced and BloxOne Threat Defense for BloxOne Business Cloud customers. Additionally, Configuration Insights is automatically integrated into all existing BloxOne Threat Defense Business Cloud and Advanced user accounts, offering guidance on optimal detection settings and adherence to best practices. 

Customers interested in exploring this feature can reach out to the sales team to request a trial. For information, see SOC Insights.

BloxOne Threat Defense – February 1, 2024

...

The latest update to the BloxOne Endpoint for Windows, version 2.4.6, introduces a new authentication method using join tokens. This enhancement significantly boosts security by enabling users to control endpoint access to the Cloud Service Portal through the use of rotating tokens. Rotating join tokens help prevent unauthorized access if an install package is leaked, for example. The server side of the authentication process is designed to be backward compatible, ensuring a smooth migration. Additionally, the same join token can be utilized across endpoint deployments for Mac, Linux, iOS, and Android. For information, see Configuring Join Tokens for Endpoint.

BloxOne Endpoint for Mac support for Join Tokens

The latest update to the BloxOne Endpoint for Mac, version 2.4.6, introduces a new authentication method using join tokens. This enhancement significantly boosts security by enabling users to control endpoint access to the Cloud Service Portal through the use of rotating tokens. Rotating join tokens help prevent unauthorized access if an install package is leaked, for example. The server side of the authentication process is designed to be backward compatible, ensuring a smooth migration. Additionally, the same join token can be utilized across endpoint deployments for Windows, Linux, iOS, and Android. For information, see Configuring Join Tokens for Endpoint.

BloxOne Threat Defense – January 29, 2024

...

  • Logs from the Data Connector are now accessible for both viewing and downloading through the Cloud Services Portal.
  • The Data Connector has the capability to export service logs to all supported destinations, including integration with SIEM (Security Information and Event Management) systems.

For information, see BloxOne Notifications and Configuring Traffic Flows.

...

BloxOne supports host deployment using generation 2 virtual machines on Hyper-V/Azure.

BloxOne now supports generation 2 VMs when you deploy BloxOne hosts in Microsoft Azure. For more information, see Microsoft Azure Deployment.

BloxOne supports adding host tags associated with the Cloud Services Portal during BloxOne host deployments.

When you deploy a BloxOne host, you can add a host tag to the "userdata" file to associate the host with the Cloud Services Portal. For more information, see YML and JSON Templates.

BloxOne supports firmware updates on Dell VEP-1425, Dell VEP-1485, and Infoblox B1-212 hardware appliances.

To upgrade the firmware on Dell VEP-1425, Dell VEP-1485, and Infoblox B1-212 appliances, you can now download firmware upgrades and apply a firmware upgrade script via the debug CLI or a USB flash drive. For more information, see Updating Firmware on Hardware Appliances.

BloxOne host deployment on Google Cloud Portal (GCP) now supports IPv6.

For information, see Google Cloud Portal (GCP) Deployment.

BloxOne Threat Defense – January 5, 2024

...

Enhanced audit logging tracks changes in security policies, custom lists, application/category filters, BloxOne Endpoint/BloxOne Endpoint group settings, and more. For more information, see Viewing Audit logs.

BloxOne lookalike domain management includes suggested domains for monitoring. 

A maximum of 25 suggested lookalike domains can be added to a custom lookalike watch list for monitoring.  For more information, see Viewing Custom Watched Domains and Adding Suggested Lookalike Domains.

BloxOne Threat Defense – October 5, 2023

...

Infoblox TIDE introduces new sizing guidelines for Custom RPZ feeds.

Infoblox TIDE introduces new sizing guidelines for Custom RPZ feeds. Newly created custom RPZs are limited to a maximum of 6 million records. This limit includes all available feeds, such as Infoblox-curated data, Infoblox’s third-party data, and any uploaded data you provide. A new sizing indicator displays the number of records contained within a custom RPZ feed. Custom RPZ feeds created prior to the introduction of the new sizing guidelines will not be impacted by the new sizing guidelines, although no new records can be added. For information, see Sizing Guidelines for Custom RPZ Feeds.


BloxOne Threat Defense – September 26, 2023

...

BloxOne Threat Defense – September 1, 2023

You can now set up BloxOne sandboxes as test environments.

If your business requires a separate BloxOne test environment, you can purchase a BloxOne sandbox and set it up for testing purposes. For more information, see Managing Sandboxes.

BloxOne Threat Defense – August 24, 2023

BloxOne lookalike domain management now supports the monitoring of up to 25 custom-watched domains.

The maximum number of custom lookalike domains that can be monitored has been increased from 10 to 25.  For information, see Custom Lookalike Domain Monitoring.

BloxOne Threat Defense – August 22, 2023

The following BloxOne Threat Defense RPZ feeds have been deprecated and are no longer available for BloxOne Threat Defense or for On-Prem DNS Firewall: SURBL Fresh Domains, SURBL Multi Domains, and SURBL Multi Lite Domains.

It is recommended that you add the following feeds in place of the deprecated feeds:

  • NOED, with the same policy rules originally selected for SURBL Fresh
  • Suspicious Domains, with one of the policy actions set to Block, if available based on subscription level.
  • Suspicious Lookalikes, with one of the policy actions set to Block, if available based on subscription level.
  • Suspicious NOED, with one of the policy actions set to Block, if available based on subscription level.

For information, see Recommended Feed Configuration to Replace the SURBL Feeds.

BloxOne Threat Defense – August 17, 2023

...

BloxOne Threat Defense – August 16, 2023

You can now transfer services from one BloxOne host to another.

The ability to reassign or transfer a service from one host to another is useful in situations where you need to update your network infrastructure or retire a BloxOne host. For information, see Editing General Service Information.

BloxOne Threat Defense – August 14, 2023

BloxOne introduces notification enhancements to improve usability.

BloxOne notification includes the following enhancements:

  • When you click Notifications on the left navigation panel of the Cloud Services Portal, you can view personal notifications generated for your user account.
  • You can click the notification icon at the top of the left navigation to view the 30 latest notifications in the New Notifications panel. The number displayed on the icon indicates the number of notifications you have received within the last three days. 
  • You can choose the types of personal notifications you would like to receive. Individual settings do not affect the global or admin settings for other users.

For information on BloxOne notifications, see BloxOne Infoblox Platform Notifications.

BloxOne Threat Defense – July 28, 2023

The BloxOne Application Discovery Report receives a makeover, enhancing user experience and providing more valuable insights into application usage within your network.

Updates to the Application Discovery Report introduce a refreshed look-and-feel, including new page headers and the ability to view historical data on the All Applications page for Approved and Unapproved application states. Application Discovery is available to BloxOne Threat Defense Advanced subscribers. For information, see Application Discovery.

The Notional Threat Insight List (TI-DNST) provides users with information about DNS Tunnels in their early stages, not yet fully classified as malicious. 

The Notional Threat Insight List detects DNS Tunnels in their preliminary phases before they reach a fully malicious status. This list operates with a default action of Allow-With Log. Since the tunnels are not yet conclusively identified as fully malicious, blocking them outright could lead to false positives. Organizations can modify the default action to "Block" if their risk tolerance or organizational needs dictate.

BloxOne supports CISA Protective DNS encrypted DNS service. 

For Federal accounts, BloxOne supports CISA Protective DNS, a secure and compliant server configuration utilizing encrypted DNS protocols (DNS-over-HTTPS or DNS-over-TLS). Encrypted resolvers must be used when communicating with upstream DNS resolvers in adherence to OMB memorandum M-22-09. For information, see Configuring DNS Forwarding Proxy to Use Encrypted DNS Protocols.

BloxOne provides new service KPI metrics for DNS Forwarding Proxy. 

Two new service KPI metrics have been introduced for DNS Forwarding Proxy: DFP Service Status and DFP Service Queries per Second.

Infoblox SSO Portal now supports Google Authenticator for multi-factor authentication, in addition to Okta Verify.

You can now choose Google Authenticator, in addition to Okta Verify, as the authentication method when you configure multi-factor authentication for your Cloud Services Portal users who have an email domain that matches the selected domain name. For more information, see Activating Multi-Factor Authentication.

Retirement of TIDE RPZ threat feeds entitlements.

The following feeds are being retired from TIDE service:

...

The BloxOne Endpoint management page has been enhanced with additional endpoint properties (hostname, username, OS, location, and more) and additional functionality on a dedicated page which can be shared using its unique URL. A new property, the endpoint's public IP address, was also included as part of this enhancement. For information, see Viewing Endpoint Devices and Viewing Mobile Endpoint Devices.

The default block and allow custom lists now allow editing of domains, IP addresses, and tags. 

The default customer configuration now includes default Allow - No Log for the custom allow list and Block - with Log for the custom block list. These lists are included in the default policy for new and existing customers. For information, see Custom Lists.

BloxOne Threat Defense – July 20, 2023

...

New Threat Insight deduction method ensures domains reported in RPZs are added for monitoring. 

An issue in which DNS Tunneling events were not detected when using a filter with all categories and the action set to Allow-Log has been resolved. To remedy this issue, the check for a domain being part of an RPZ has been removed from the filtering process. This change allows the reported domains to correctly go through the Threat Insight deduction process. In the Cloud Services Portal, you can view the domains that have undergone Threat Insight deduction in the Threat Insight report section of the Security Activity report (Reports > Security Activity > Threat Insight). To make it easier to see the applied action filtering, a new column called Action has been added to the Threat Insight report. This column allows you to monitor the actions applied to reported domains based on precedence, ensuring protection. For more information, see Threat Insight Report.

BloxOne Threat Defense – July 03, 2023 

BloxOne Notifications has a new data type for Data Connector

You can provision Data Connector to deliver Cloud Services Portal event notifications such as CPU utilization, new feature announcements, and more, to a SIEM destination. For information, see BloxOne Notifications.

You can now query host statuses using the BloxOne API.

...

On May 18, 2023, Infoblox removed the ability to view legacy API keys as part of the process of deprecating these keys (which were replaced by the new API keys in February 2021). Since then, Infoblox identified a set of customers that are still using the legacy API keys. To provide all customers with the best possible experience and support while we complete the transition to the new API keys, the legacy API keys will remain visible and active until the end of July 2023.

BloxOne Threat Defense – June 9, 2023

When you perform a local search in the Manage > Infrastructure section, you can view all the objects on the specific tab (such as the Hosts or Templates tab) based on your filtering criteria; and you can page through the results. This applies to the Hosts, Services, Monitoring, Templates, and Location tabs.
You can now use Global Search to find template objects by Name, Description and Tags.

BloxOne Threat Defense – May 31, 2023

...

BloxOne Threat Defense – May 18, 2023

You will no longer be able to view legacy API keys on the Cloud Services Portal. The legacy API keys are also not supported in API calls.

BloxOne Threat Defense – May 9, 2023

BloxOne Endpoint version 2.3.11 contains a few fixes and enhancements.
  • This release fixes a rare occurrence when Endpoint for MacOS doesn't switch to the protected state after coming back from the "sleep" state.

  • A configuration issue has been fixed if the DNS bypass probe domain is included in an internal domain list.

  • Cleaning up temporary files and folders after an upgrade.

  • Updated Infoblox branding.

...

BloxOne Threat Defense – April 20, 2023

Infoblox BloxOne continuously synchronizes account names with corporate names. If your account name changed over the last few years, the name displayed on the Cloud Services Portal might change. This does not have any other implications on your account: Your configuration and data stay the same.

BloxOne Threat Defense – April 19, 2023

...

The BloxOne Lookalike Domains Activity report has undergone a comprehensive overhaul and redesign to optimize the organization and accessibility of data. Lookalike events are now grouped in a structured and logical manner based on specific criteria associated with the target domain, including the total count of lookalike domains, the total number of custom watched domains, and the total number of threat lookalikes. This enhancement ensures that the report provides a more practical, informational, and user-friendly experience for users.

For information on lookalike domain monitoring, see Custom Lookalike Domain Monitoring.

...

The following BloxOne Threat Defense RPZ feeds have been deprecated and are no longer available for BloxOne Threat Defense or for On-Prem DNS Firewall.
  • Spambot_IP 

  • Bot_IP

For information on available feeds, see Supported Threat Intelligence Feeds and Licensing and Subscriptions.

BloxOne Threat Defense – March 30, 2023

Infoblox introduces the new Routing page on the Cloud Service Portal.

BloxOne routing improves the flexibility, scalability and performance of routing by separating it from the Anycast service into new BGP, OSPF, and RIP services who are entitled for Anycast. If you are not currently using Anycast, you will see the new Routing page immediately, and no action is required on your part. If you are currently using Anycast, Infoblox Support will be contacting you to arrange the migration of your Anycast configuration to these new services. For information, see Configuring Routing.

Infoblox BloxOne bare-metal deployment now supports Ubuntu 22.04.

With this release, Infoblox BloxOne supports Ubuntu 22.04 and will continue to support Ubuntu 20.04 and 18.04. BloxOne will however stop the official support of Ubuntu 16.04.

BloxOne Threat Defense – March 6, 2023

Infoblox introduces the new Infrastructure page on the Cloud Service Portal. BloxOne Infrastructure provides the separation of infrastructure and services. It integrates status, metrics, and logs into a common viewer, so you can peruse consolidated information about your host infrastructure and services. Your current deployment will automatically migrate to the new Infrastructure page. No action is required on your part.

The following is a list of changes:

  • Introduction of the new Manage > Infrastructure page within BloxOne that replaces the Manage > On-Prem Host page. The new page includes tabs for Hosts (new), Join Tokens (existing page - same functionality), Services (new - this is a complete set of deployed services on hosts), and Templates (new).

  • The Manage > On-Prem Host page will be removed.

  • New viewer for hosts and services accessible through the General Information link on Hosts or Services. The viewer presents detailed information about a specific host or service, including network configuration, status, notices (if any), metrics (for a period up to 30 days), and logs (for a period up to 30 days).

  • The separation of networking using interface labels makes separating duties between host management and service management much easier.

  • While service configurations reside where individual pages are in the Manage menu, you can refer to the configurations in Manage > Infrastructure > Services instead of associating the configurations with hosts. This allows for easier redeployment of the service when infrastructure has to be replaced.

  • Simplification of status with dedicated status for host and service instead of mixing the two together (this means no more “Review Details” status).

  • Advanced filtering is available separately on Hosts and Services (for example, you can use filters to find all services that are not online or all DHCP services across all hosts).

  • Adjusted the service deployment dialogs.

  • Host deployment works the same way as the On-Prem Host page by using a join token for virtual and customer-provided physical appliance or a serial number for Infoblox-provided physical appliance. Detailed configuration is adjusted to work with advanced interface labels.

  • Use the new Template functionality to capture a snapshot of the service deployment of a host and apply the same service deployment to multiple hosts (for example, you can use one template and apply it to seven offices or use the same deployment for 263 stores). 

  • Support of multiple interfaces on hosts will enable several dedicated network interfaces on each host. Services (DHCP, DNS, DNS Forwarding Proxy, Data Connector, NTP) can be deployed using a specific interface, which can differ between services. This allows individual services to work within separate networks.

  • Support for alternative network connections between a host and the Cloud Services Portal. Two or more interfaces can be configured as WAN connections to the Cloud Services Portal. Priority of connections is supported for cost and performance reasons.

  • Display of hosts in a map view based on the NatIP address of the host will provide a better understanding of the infrastructure deployment around the world and could help identify region-based issues.

...

BloxOne Threat Defense supports Web Content Discovery.

Web Content Discovery is a new feature of the BloxOne Threat Defense Advanced package. It assists organizations in identifying high-risk activities in use across their networks, by whom and by which device. The new report identifies all known web traffic by category and identifies specific categories associated with a higher risk to organizations. For information, see Web Content Discovery.

BloxOne Threat Defense adds new and updated detection algorithms.

The BloxOne Threat Defense "Security-Activity" report now includes “Threat Family” in the "Threat Insight" detection report. It incorporates improved detection algorithms and protection from DGA (Domain Generation Algorithm), DDGA (Dictionary Domain Generation Algorithm), and DNST (DNS Tunneling) attacks. Additional algorithm enhancements include the ability to capture misconfiguration issues in customer environments and capturing Suspicious and Phishing Lookalike domains in customer traffic. For information, see Security-Activity Threat Insight Report. 

BloxOne adjusts the date range for DNS Activity and Security reports to a maximum of 31 days.

Infoblox adjusts the date range for DNS Activity and Security reports to a maximum of 31 days. Subscription customers for BloxOne Threat Defense Business On-Premises, Business Cloud, and Advanced will continue to have access to these reports for up to 31 days to provide visibility into recent DNS or security activities. For longer-term reporting needs, the Data Connector (DC) service is available for exporting data into third-party tools that offer storage beyond 31 days (e.g. SIEMs that are better suited for historical data storage and searching). For more information on Infoblox integrations with ecosystem partners, visit the Ecosystem Integration with SIEM page on Infoblox.com.

Infoblox will conclude the support of Data Connector-based Threat Insight on May 5, 2023.

On May 5, 2023, Infoblox will conclude support of the configuration that delivers Threat Insight using the Data Connector (DC). This only impacts customers who use both BloxOne Threat Defense (Advanced or Business licenses) along with NIOS appliances that are connected to the Infoblox Cloud via the DC. This does not affect self-contained versions of on-prem Threat Insight on NIOS platforms or cloud-only versions of Threat Insight. A very small number of Infoblox customers utilize configurations that use the Data Connector Threat Insight; therefore, continued support is no longer practical. In preparation for this change, Infoblox will no longer store internal authoritative DNS queries in the Infoblox cloud for customers sending such data via the Data Connector. Internal queries are not required for Data Connector, Threat Insight or any other supported uses. As a result, this end of support is unlikely to impact Threat Insight. After February 18, 2023, there will be no change to the network or configurations. After May 5, 2023, calls for support will no longer be accepted for this configuration. As such, we recommend discontinuing this configuration as soon as possible to preserve resources for your on-prem appliance and network. If your deployment uses this configuration, please reach out to your Customer Success Advocate (CSA) to discuss options for transitioning to a supported, more dynamic, and reliable configuration.

BloxOne Threat Defense – February 17, 2023

BloxOne Threat Defense changes to combination feeds. 

The combination RPZ feeds (high_block, high_log, med_block, med_log, low_block and low_log) will be changed for maintenance purposes. There may be minor but noticeable changes to the number of indicators available in each feed.

BloxOne Threat Defense – February 16, 2023

...

  • By using filtering expressions, you are able to specify which traffic should be passed on and which should be dropped.
  • DNS security logs can be filtered by new fields/properties: threat level, threat confidence, threat class, threat property, policy action, and feed name (custom list name).

   For information, see Data Connector.

BloxOne Threat Defense – February 10, 2023

...

Through the Device UI, you can enable or disable a secure terminal connection on port 2022 between your BloxOne host and the newly implemented debugging CLI. When you experience issues related to cloud connectivity or BloxOne platform image deployment, you can troubleshoot those issues through the debugging CLI. 

The Cloud Services Portal introduces the “Upcoming Releases” section that displays feature announcements for upcoming BloxOne releases.  

In addition to “What’s New,” the landing page of the Cloud Services Portal now includes an “Upcoming Releases” section that displays upcoming feature announcements for future BloxOne releases.

BloxOne Threat Defense – January 31, 2023

...

This enhancement provides additional protection against amplification/reflection attacks. BloxOne Threat Defense will respond with NOTIMP to such requests. If you see such traffic in your network (DNS Activity report), it could indicate that your network has been compromised by a botnet or malware. For information, see DNS Activity Report and DNS Hits.

BloxOne Threat Defense – January 20, 2023

BloxOne adds system-level support logging for endpoint devices.

The Infoblox support team has the option of obtaining endpoint logs from active devices for troubleshooting purposes. Relevant audit logs would be logged for such actions.

BloxOne Threat Defense – January 16, 2023

...

For a list of all the new applications available for filtering, or to request the inclusion of other applications for filtering, please contact Infoblox Technical Support or your Customer Success Manager.

BloxOne Threat Defense – January 14, 2023

BloxOne Threat Defense adds two new standalone threat and RPZ feeds: Suspicious Lookalikes feed and Suspicious NOED feed.
  • Suspicious Lookalikes feed: This feed includes domains that appear to impersonate other trusted domains but have also demonstrated enough abnormal behavior to warrant concern.
  • Suspicious NOED (Newly Observed Emergent Domains) feed: This feed includes high-risk, newly active domains. These domains have only recently become active and share one or more characteristics with other known malicious domains to warrant concern.
    For information, see Viewing Active Threat Feeds and Threat Insight.

BloxOne Threat Defense supports the addition of a large set of "general" lookalike domains for monitoring.

The Lookalike Domains feature now allows users to select from a large set of popular domains. This is in addition to the ten custom watched domains already provided, and allows monitoring of far more than the original limit of ten watched domains. In addition, the limitation for target domain length has been decreased to three letters, down from five letters. For information, see Custom Lookalike Domain Monitoring.

BloxOne now allows the addition of large subnets for custom lists.

IPv4 subnets from /8 to /32 and IPv6 subnets from /32 to /128 are now supported. For information, see Creating Custom Lists.

BloxOne Threat Defense – January 13, 2023

...

With the implementation of an updated design, category filters and their associated subcategories are easier to navigate and use from within the Cloud Services Portal. For information, see Creating Category Filters.

BloxOne Threat Defense – December 2, 2022

...

A suspicious flag has been automatically added to the DNS Activity and Security Activity reports to indicate malicious and suspicious domains. Flagged domains are added to a custom list automatically, providing an organization the option of automatically adding them to a custom configured block/log list. For information, see Custom Lookalike Domain Monitoring.

BloxOne access authentication supports a configurable sign-out session page for authenticated users.

Authenticated users can sign out of a session from the same captive portal page. For information, see Managing Access Authentication.

BloxOne Threat Defense – November 4, 2022

...

The TLD score indicates the level of risk associated with a top-level domain (TLD). This score, along with other data presented by Dossier, can help when making a decision to block or allow a remote domain. For more information, see Dossier Threat Indicator Summary Report.

...

BloxOne Threat Defense support for filter categories.

New content categories and sub-categories are now supported for custom filter creation.

For information, see Creating Category Filters.

BloxOne Threat Defense – August 15, 2022

...

Multiple indexers can now be provisioned to a Splunk destination, allowing for optimum load distribution. For more information, see Setting Up Splunk.

The BloxOne customer service portal now displays the serial number for all virtual appliance on-prem deployments, such as VMware, Azure, AWS, and KVM.

Serial numbers of all virtual, on-prem deployments for VMware, Azure, AWS, and KVM can be viewed in the BloxOne customer service portal. For more information, see https://support.infoblox.com.

BloxOne Threat Defense – July 13, 2022

...

ThreatFox malware detection for Dossier from Abuse.ch

ThreatFox reports indicators of compromise (IOCs) associated with malware, giving more context to your threat investigations. For information, see /wiki/spaces/~5f0f5ad9502ce1001d1bd220/pages/9083834.

...

  • Statistics reported in the details pane of the Endpoints page no longer include deleted endpoints. 

  • Endpoints restored from the recycle bin are assigned disabled status by default.

  • When an endpoint group is deleted, all endpoints residing within the deleted group are moved to the default endpoint group.

  • When restoring a deleted endpoint from a deleted endpoint group, the restored endpoint remains a member of the default endpoint group. 

...

Depending on your business requirements, BloxOne now supports high-capacity Microsoft Azure VHD installation packages you can download from the Cloud Services Portal. For information, see Downloading BloxOne Infoblox Apps.

Infoblox supports the deployment of on-prem hosts on DELL 1425 and 1485 VEP hardware.

...

Depending on your business requirements, BloxOne now supports high-capacity OVA installation packages you can download from the Cloud Services Portal. For information, see Downloading BloxOne Infoblox Apps.

Data Connector supports sending log messages in Common Information Model (CIM) format when you configure Splunk as the destination.    

...

This BloxOne release provides a documented API for downloading service logs (such as the DNS query log and DHCP log). For more information, see https://csp.infoblox.com/apidoc.

BloxOne Threat Defense – July 8, 2021

...

  • Lifecycle management: You can now create, delete, disable, and enable keys.

  • Key expiration: A user-specified expiration can be defined at the time you create the key to determine the duration of key validity.

  • Key names: You can name the key to easily identify it in the future.

Existing API keys, called "legacy" keys, continue to be supported. They are similar to interactive keys but limited to legacy and existing functionality, with new support for the disable, enable, and delete functions.

The Cloud Services Portal now retains filter configuration you have applied to a page, so you can pick up right where you left the page without spending extra time to reconfigure your filters when you access the page again.

When you apply a filter or filters to a Cloud Services Portal page, the filter configuration stays intact the next time you access the page.

...

BloxOne Endpoint now supports macOS Big Sur.

BloxOne Endpoint supports Apple's latest operating system, macOS Big Sur.

Hiding the BloxOne Endpoint icon in the systray (system tray) is now an option.

...