Infoblox SaaS Release Notes

Enhancement:

Infoblox Threat Defense application filtering now includes two new generative AI chatbots: DeepSeek and Qwen.

You can track the usage of these newly added chatbots by navigating to (Monitor > Reports > Security > Application Discovery) under the Applications - Generative AI category.

Using application filters, you can assign an application a status of Approved or Unapproved based on whether Application Discovery indicates it is safe or unsafe. An application’s status can be revised and updated at any time.

For information, see Creating Application Filters.

Infoblox Universal Asset Insights introduces the following enhancements:

• A new summary monitor called ‘Assets by Classification,’ with subclassifications ‘Zombie’, ‘Ghost’, and ‘Non Compliance’. Zombie is further classified into ‘Idle’, ‘Orphan’, and ‘Resource Utilization’. For more information, see Viewing the Assets Workspace.
• Universal Asset Insights automatically adds all discovered assets to the Managed category. If you do not want to manage certain assets, you can choose to unmanage them to efficiently utilize your available tokens (licenses). There is also a new option to select the first 500 assets to manage or unmanage, saving time by avoiding manual selection of multiple assets across pages. For more information, see Manage or Unmanage Assets.
• Universal Asset Insights now includes an option to filter assets by Managed, Unmanaged, Devices, Network, or Services. This feature allows sorting of both managed and unmanaged assets when filtering by Devices, Network, or Services. For more information, see Viewing Managed Assets and Viewing Unmanaged Assets.

Universal DDI

Infoblox Threat Defense

Infoblox will update NIOS-X servers components (formerly on-prem hosts) starting January 27, 2025.

Infoblox will update NIOS-X servers components (formerly on-prem hosts) starting January 27, 2025 to safeguard the servers. 

Enhancement:

Infoblox Endpoint has released an updated version of its endpoint app for Android devices, now available on the Google Play Store.

The latest update addresses minor issues when used with Android 14 devices. For information, see Managing Mobile Endpoint.

Universal DDI now supports managing Grid primaries and Grid secondaries of authoritative zones in a NIOS Grid via the Infoblox Portal.

Universal DDI allows you to manage NIOS Grid primaries and Grid secondaries of authoritative zones through the Infoblox Portal. Any changes made to NIOS authoritative zones in the Infoblox Portal are synced to NIOS, and updates to authoritative zones in NIOS are immediately reflected in the Infoblox Portal. For more information, see Creating a Primary Zone under a NIOS View.

Universal DDI now supports updating certain fields in a NIOS-managed DHCP Config Profiles via the Infoblox Portal.

Universal DDI allows you to update specific fields in a NIOS-managed DHCP config profile through the Infoblox Portal. Changes to these fields are immediately reflected in NIOS. For a list of modifiable fields, see Modifying a NIOS-managed DHCP Config Profile.

NIOS-X as a Service now populates the location automatically when specifying the postal code for access location.

When configuring an access location in NIOS-X as a Service, you can specify the postal code, and the location will be automatically displayed. For more information, see Creating As-a-Service.

NIOS-X as a Service now allows applying tags for access locations.

You can now apply tags when creating an access location in NIOS-X as a Service. There is a limit of 50 tags per access location. For more information, see Creating As-a-Service.

Enhancement:

Infoblox introduces an event selection field option for SOC Insights logs exported to Data Connector.

This update features a new traffic flow widget in Data Connector, enabling users to select SOC Insights fields for HTTP destinations in non-DNS logs. For information, see Creating Traffic Flows and Log Source Configuration Export Options.

For more information, see Creating Traffic Flows and Log Source Configuration Export Options.

Enhancement:

Infoblox now supports granular selection for AWS and GCP when configuring Universal Asset Insights.

Universal DDI supports granular selection for AWS (Organizational Units/Accounts) and GCP (Folders/Projects) when creating a network discovery configuration. You can select Organizational Units or Accounts for AWS and Folders or Projects for GCP. For more information, see AWS - Organizational Units/Accounts and GCP - Folders/Projects.

Announcement: 

Infoblox has planned a deployment for additional security mechanisms on Thursday, January 23 at 6 PM PST to protect the Infoblox Portal.

Infoblox is deploying additional security mechanisms to protect the Infoblox Portal. During the deployment update on Thursday, January 23rd at 6 PM PST, the Infoblox Portal will remain available, and core services are unlikely to be impacted.

Enhancement:

Infoblox now provides a new configuration landing page showing data for key services based on entitlement. 

When users log on to the Infoblox Portal, the configuration landing page displays data for key services based on license entitlements.

The Infoblox Portal now displays the “What’s New” content in a new modal dialog.

This new dialog can be hidden by selecting the “Do not show me again” checkbox.

Enhancement:

Infoblox bare-metal deployment now supports Red Hat version 9.5.

For more information, see Bare-Metal Deployment.

Enhancement:

Infoblox has launched the Network Discovery Blackout feature for Network Insight, allowing users to temporarily pause discovery operations according to a specified schedule.

When setting up the discovery service, you can now specify a duration to pause the discovery process. During this blackout period, no new discovery actions will occur on your network. For more information, see Creating Discovery - Blackout.

Enhancement:

This enhancement allows users to input domains using Unicode characters in both custom lists and internal domain lists. For information, see Creating Custom Lists and Creating an Internal Domain.

Infoblox Threat Defense introduces a feedback loop for Threat Intelligence (TI) Detectors.

This feature enables users to activate, deactivate, and remove TI domains from their custom lists. For information, see Custom Lists.

Enhancement:

Infoblox Threat Defense enhances the Application Discovery feature to improve the detection and blocking of generative AI applications.

Infoblox is excited to announce significant enhancements to our Application Discovery feature within Threat Defense Advanced, now with improved capabilities to detect and block applications used for generative AI. Recognizing the high risk of data loss associated with unmanaged generative AI, these updates are designed to provide organizations with additional protection. The new functionality distinguishes between consumer and enterprise versions of select generative AI applications, allowing for approved use while blocking unmanaged consumer versions. This update helps you leverage the benefits of generative AI securely and efficiently.

These enhancements underscore Infoblox’s commitment to continuous innovation and delivering increased value to our customers. By integrating these advanced detection and blocking capabilities, organizations can mitigate the risks associated with shadow IT and data exfiltration, ensuring compliance and enhancing overall security posture. Customers will benefit from improved visibility and control over application usage, empowering them to make informed decisions and maintain a secure, compliant environment. You can find these detections in the Infoblox Platform (Monitor > Reports > Security > Application Discovery), under the Applications - Generative AI category. This category was previously named AI Chatbots. For information, see Creating Application Filters.

Enhancement:

NIOS-X as a Service provides the following enhancements: sorting and filtering data, auto-focusing on a particular service, and troubleshooting DNS issues through APIs.

• Users can now sort data by priority, A-Z or Z-A and filter by Service or Location with single or multiple values. For more information, see Sorting Services in the Navigation Pane and Filtering Service and Location in the Navigation Pane. 

• The Auto Focus icon allows users to focus on a selected service by hiding the rest of the data. For more information, see Focusing on a Specific Service. 

• NIOS-X as a Service provides APIs to troubleshoot DNS issues using traceroute and dns_query. For more information, see the API documentation. 

Enhancement:

Universal DDI now supports updating DHCP objects imported from NIOS.

Universal DDI enables updates to DHCP objects imported from NIOS. Any changes made to NIOS objects in the Infoblox Portal are instantly reflected in NIOS. For more information, see NIOS Objects Supported for Sync.

Universal DDI now supports the wildcard character for MAC addresses in hardware filters. 

Universal DDI supports using the wildcard character (*) to add or update MAC addresses in hardware filters. For more information, see Creating IPv4 Hardware Filters and Creating an IPv4 MAC Address in Large Selection Filter. 

Universal DDI now supports DHCP objects in access views. 

Universal DDI now supports managing DHCP objects within access views, alongside DNS and IPAM objects. For more information, see Supported Objects for Access Views.

Enhancement:

Infoblox Endpoint version 2.4.20 is now available for Windows and macOS.

This update introduces support for macOS Sequoia 15.0.1 and above, along with stability improvements and fixes for minor issues on both

• Test the upgrade on a small number of Mac computers first, rather than upgrading all machines at once.:Test the upgrade on a small number of Mac computers first, rather than upgrading all machines at once.

• For Macs with Infoblox Endpoints, upgrade a few computers initially, monitor for any issues, and only proceed with upgrading the remaining devices if no problems are detected.

Windows and macOS. For more information about Infoblox Endpoint, see Managing BloxOne Endpoint.

NIOS-X as a Service

Universal DDI

Feature and Enhancements:

NIOS-X as a Service now provides an option for users to select a Recommended Point of Presence (PoP).

NIOS-X as a Service introduces a new check box, “Use Recommended Location”, which, when selected, automatically chooses the most optimal Point of Presence (PoP). This feature is useful for configuring geographically distributed locations, as it calculates the optimal PoP for a quick response. By selecting this option, users can avoid manual calculations and let NIOS-X as a Service choose the PoP automatically. For more information see /wiki/spaces/ddiadminguidensdraft/pages/572228399.

NIOS-X as a Service now allows users to modify custom network attributes for an existing service configuration.

NIOS-X as a Service now allows users to modify Custom Network Attributes such as KeyID, FQDN, or Email. Users can update these attributes without the need to reconfigure the entire service. For more information, see /wiki/spaces/ddiadminguidensdraft/pages/808714280.

NIOS-X as a Service allows users to clear the DNS cache to resolve DNS issues. 

The Clear DNS Cache option has been added to the user interface, enabling users to clear the cache for each service deployment to resolve any DNS issues. For more information, see /wiki/spaces/ddiadminguidensdraft/pages/1005223966.

NIOS-X as a Service allows users to clear leases to make them available for reuse. 

Users can now clear active and abandoned leases through the Infoblox Portal. When users clear an active or abandoned lease, its IP address becomes available for reuse. For more information, see /wiki/spaces/ddiadminguidensdraft/pages/1005223979. 

NIOS-X as a Service now helps route site response traffic to the IPSec tunnel.

The Neighbor IP feature ensures that organization site response traffic is routed unambiguously to the IPSec tunnel. For more information, see /wiki/spaces/ddiadminguidensdraft/pages/572228399.

Universal DDI supports forwarding DNS queries between AWS and Azure cloud providers.

In addition to the existing Outbound Cloud Forwarder, users can configure an inbound cloud forwarder to forward DNS queries from one cloud provider to another. For example, users can forward DNS queries from AWS to Azure and vice versa. For more information, see /wiki/spaces/ddiadminguidensdraft/pages/611943858. 

Infoblox Dossier now treats DNS lame delegation as a vulnerability. 

Lame delegation occurs when one or more delegated nameservers fail to provide authoritative DNS information. When a lame delegation is detected on the queried domain, Dossier highlights this vulnerability along with the level at which this was detected, allowing customers to take appropriate action on the affected domain and nameserver.

For information, see Dossier Summary Report.

Feature:

Universal DDI now provides the option to configure an SNMP health check monitor for DNS Traffic Control.

In addition to the existing ICMP, TCP, and HTTP monitors, Universal DDI now allows users to configure an SNMP health check monitor for DNS traffic control. For more information, see /wiki/spaces/ddiadminguidensdraft/pages/996900867.  

Infoblox supports the discovery of endpoints connected to a DNS cloud forwarder configured in the Infoblox Portal.

Users can now enable or disable the discovery of cloud forwarder endpoints when configuring Network Discovery for AWS or Azure. For more information, see /wiki/spaces/ddiadminguidensdraft/pages/976093261. 

Enhancement:

The Infoblox Portal now displays status messages for the NIOS Grid Manager.

Infoblox Universal DDI

Infoblox Threat Defense

Enhancement:

Infoblox now allows users to change the default password for the Device UI when configuring NIOS-X physical servers. This can be done through the Infoblox Portal, Device UI, or Debug CLI.

When deploying NIOS-X servers, Infoblox initially uses a default username and password for accessing the Device UI. Users can now change this default password via the Infoblox Portal, Device UI, or Debug CLI. Once changed, the new password will be synchronized across the console and Device UI, allowing for SSH and HTTPS access.

Enhancement:

Infoblox Dossier now features streamlined false-positive reporting.

The Infoblox Dossier feedback functionality has been updated to direct critical and blocking issues to the Support Portal for ticket creation and to the Infoblox support team for assistance with Service-Level Agreement (SLA) compliance. This functionality allows users to submit feedback on the following indicators: False Positive, False Negative, and Content Categorization.

For information, see Dossier Threat Research Feedback.

Feature:

Universal DDI introduces Passive Discovery, leveraging data from DHCP logs and Infoblox-managed endpoints to enhance visibility into your network devices.

Using the ingested data, Passive Discovery, in conjunction with SOC Insights, generates reports that you can view on the SOC Insights Assets tab or the Monitor > Assets page of the Infoblox Portal, depending on your subscription.

Enhancement:

Data Connector updates have been deployed, aimed at enhancing capabilities and improving integration.

The following Data Connector enhancements have been deployed:

1. Data Connector HTTP(s) destination for MS Sentinel and Splunk
2. CDC Events fields selection - Infoblox
3. Infoblox Portal/SOAR Light integration with “3rd party integration portal”
4. Infoblox Ecosystem entitlements - Data Flow Separation
5. Traffic can now flow directly from the Infoblox Cloud to a Cloud SEIM

For additional information, see Data Connector.

Feature:

Universal DDI introduces the ability to view separate DHCP status for IPv4 and IPv6 networks

You can now view the DHCP status separately for IPv4 and IPv6 networks. This feature will be functional once you update to the latest NIOS-X DHCP Server, version 4.3.1.6.

Enhancement:

Universal Asset Insights introduces the ability to enable or disable IPAM Discovery when configuring Cloud Service Providers.

When configuring Network Discovery for cloud service providers like AWS, Azure, and GCP, you can enable or disable sync for IPAM assets. When enabled, the IP address information of discovered assets will be synchronized with Universal IPAM. For more information, see AWS - Destination, Azure - Destination, GCP - Destination. 

Enhancement:

Data Connector introduces HTTP Destination support for Microsoft Sentinel.

This enhancement facilitates the setup of Microsoft Sentinel as a destination in the Infoblox Platform. For more information, see Data Connector.

Enhancement:

Universal DDI introduces service logs for Cloud Forwarders configured on the Infoblox Portal.

Universal DDI now shows service logs for Cloud Forwarders, which support AWS, Azure, and GCP. For information, see Viewing Service Logs.

Enhancement:

Infoblox Endpoint releases version 2.4.16 for Windows and macOS

This release addresses an issue with statically assigned DNS servers on network interfaces. For more information about BloxOne Endpoint, see Managing Endpoint. 

Infoblox Universal DDI

Infoblox Threat Defense

Features and Enhancements:

Infoblox is pleased to announce a significant update to the Infoblox Portal (portal.infoblox.com), featuring a modern UX refresh designed to enhance your experience and productivity. (UI updates will be available for the EU Region users in October)

This update introduces:

Optimized Navigation Experience: Our redesigned interface offers more intuitive and seamless navigation, allowing you to find what you need faster and more efficiently through the following enhancements: 

• Bespoke Lifecycles:
  • Monitoring lifecycle: This lifecycle focuses on providing business visibility through custom asset, security, and networking monitor Workspaces. These workspaces are tailored to deliver real-time insights and visualizations, helping you keep a close eye on critical metrics and system health.
  • Configuration lifecycle: Optimized to configure and deliver network services efficiently, this lifecycle follows best practices to ensure smooth and effective network management. It simplifies complex configurations, making deploying and managing network services easier.
• Improved Navigation Flows: Core task focus areas such as Security, Network, and Administration are now more logically grouped. This logical grouping streamlines your workflow, making accessing the tools and information you need easier without unnecessary clicks or searches.
• Industry-Standard Layouts: User Profile options, Account selection, and Notifications have been redesigned to align with industry standards. This redesign enhances usability and consistency across the portal, providing a familiar and user-friendly experience.

Enhanced Server and Service Deployment Management Workflows:

• Universal DDI Offering: Introducing NIOS-X As-a-Service, a fully managed deployment solution that enables network protocol service delivery without the need for infrastructure investments. This new deployment type simplifies the process of delivering network services, allowing you to focus on your core business activities. 
• Dedicated Servers Section: Users of traditional services will now find virtual and physical hosts under a dedicated Servers section. This section includes our next-generation NIOS-X servers (formerly BloxOne) and our industry-leading NIOS solution, providing a comprehensive view of your deployment infrastructure.
• Manage NIOS with Universal DDI: Single pane of glass management of NIOS Grids and Members directly within the Infoblox Portal

 Increased Visibility to Critical Metrics:

Stay informed on key performance indicators with our new dashboards and KPIs, designed to provide clear and actionable insights:

• Custom Workspaces: Workspaces for Assets, Security, and Networking feature custom-designed monitors crafted by our industry experts. These monitors deliver out-of-the-box real-time visualizations of critical metric summaries, allowing users to quickly assess the health of their networking and security environment. With these insights, you can take immediate action without waiting for reports or updates.
• Business KPI Ribbon: A new Business KPI ribbon provides line-of-sight visibility into critical success metrics. This feature allows users to quickly understand the positive impact of the Infoblox market-leading DDI solution in securing critical business assets, providing 24x7 highly scalable network services, and offering centralized management across both cloud and on-premises deployments.

Infoblox Universal DDI

Enhancement:

Provide Tailored User Access with Access Views

Access Views enables users to set custom fine-grained access rules for specified users or groups and associated DDI resources.

Support for Read and Write Google Cloud DNS data

Infoblox Portal now supports the ability to read and write Google Cloud DNS zones and resource records. For more information, see Google Cloud Platform Integration. 

Enhancement:

Data Connector introduces BloxOne Cloud-to-Cloud SIEMs, emphasizing fully managed services with seamless integrations with third-party SaaS services.

Key enhancements in this release:

• Facilitates the setup of a Syslog destination in BloxOne Cloud.

• Facilitates the setup of SOAR Light in BloxOne Cloud.

• Facilitates the setup of an HTTP Destination in BloxOne Cloud.

For more information, see Data Connector and Infoblox Ecosystem.

Infoblox Ecosystem now offers support for SOAR Light integrations running in BloxOne Cloud, enabling the automation of Cloud-to-Cloud workflows.

BloxOne DNS

BloxOne DHCP

Enhancement:

BloxOne DDI introduces DHCP subnet profiles, enabling users to configure multiple subnets simultaneously.

BloxOne DDI now supports the creation of DHCP subnet profiles, which can be configured with any required settings. These profiles can then be applied to multiple subnets simultaneously, streamlining the configuration process. For more information, see Configuring DHCP Subnet Profiles.

Enhancement:

To enhance Threat Defense services, Infoblox has launched a new second-level infobloxtd.com domain along with additional IP addresses, 103.80.6.120 and 52.119.41.120.

Infoblox strongly recommends that all customers update their network configuration to enable access to the new IP addresses, the second-level domain, and all its subdomains. Infoblox plans to launch services utilizing these IP addresses and hostnames under infobloxtd.com by mid-September 2024.

Data Connector introduces additional event field options for Atlas Notification settings.

This update introduces a refined traffic flow widget in the Cloud Services Portal that allows users to choose subtypes and event fields seamlessly. For information, see Creating Traffic Flows.

Enhancement:

BloxOne DDI allows setting per-zone limits for rdatasets and rrtypes to prevent database query processing from slowing down.

An rdatatype (short for resource record type) refers to the specific type of resource record (RR) in the DNS. Each resource record in DNS has an associated type that indicates the kind of data it holds for example type A , the IPv4 address of a host, or type MX , how to route mail. An rdataset refers to a set of resource records (RRs) of the same type for a specific domain name in the Domain Name System (DNS). Excessively large rdatasets or large numbers of rrtypes can slow down database query processing, so limits can be set on a per-zone basis. For more information on how to place limits, see Creating a Primary Zone and Creating a Secondary Zone. 

Enhancement: 

This program includes a self-service portal, offering certified, out-of-the-box integrations with leading technology providers. The program is powered by Automations, an event-driven automation framework designed to streamline integration development. These integrations have undergone rigorous testing and validation to ensure compatibility and support by Infoblox. The program aims to help NetOps and SecOps teams automate workflows, enhance security, and improve collaboration across on-premises, hybrid, and multi-cloud environments. For information, see Ecosystem Portal.

Enhancement:

Data Connector now supports sending logs to an HTTP destination in Splunk CIM data format.

When configuring a Data Connector traffic flow, you now have the option to choose Splunk CIM as the log message format when you configure HTTP as the destination. For information, see Setting Up HTTP.

Enhancement:

BloxOne Threat Defense releases BloxOne Mobile Endpoint for iOS without VPN dependency.

To improve compatibility with VPN solutions, including on-demand VPN, BloxOne Mobile Endpoint for iOS will be able to use the iOS native DNS proxy framework to intercept all DNS traffic. Requirements: iOS/iPadOS 14.x and later, deployment by an MDM.For more information about BloxOne Mobile Endpoint, see Managing BloxOne Mobile Endpoint.

Infoblox introduces event selection field options for BloxOne Threat Defense DNS Query/Response log, BloxOne Threat Defense Policy Hits log, BloxOne DDI DNS Query/Response log, and Service Logs exported by Data Connector

This update introduces a refined traffic flow widget in the Cloud Services Portal that allows users to choose subtypes and event fields seamlessly. For information, see see Creating Traffic Flows and Event Field Logs.

BloxOne DDI

BloxOne ThreatDefense

Enhancement:

BloxOne DDI introduces service logs for Cloud Discovery.

BloxOne DDI now shows service logs for Cloud Discovery, which includes AWS and Azure. For information, see Viewing Service Logs.

Enhancement:

The BloxOne DDI DNS service addresses the following vulnerabilities: CVE-2024-4076, CVE-2024-1737, CVE-2024-0760, CVE-2024-1975

• CVE-2024-4076: Assertion failure when serving both stale cache data and authoritative zone content.
• CVE-2024-1737: BIND’s database will be slow if a very large number of resource records exist at the same name. There is a limit of 500 resource records of the same type and name within a single zone. Exceeding this limit is not rejected on the Cloud Services Portal, but the on-premise DNS servers will refuse to load zones containing such records.
• CVE-2024-0760: A flood of DNS messages over TCP may make the server unstable.
• CVE-2024-1975: SIG(0) can be used to exhaust CPU resources.

Enhancement:

To enhance security, the host API keys have been deprecated. However, users can still access the BloxOne APIs using the service API keys.

For information about service API keys, see Configuring Service API Keys.

Enhancement:

BloxOne Endpoint releases version 2.4.10 for Windows and macOS.

Features and Enhancements:

NIOS Grid Connector now syncs Forward Name Server Group, and Name Server Group Association to the Cloud Services Portal.

NIOS Grid Connector has been enhanced to sync additional objects from NIOS to the Cloud Services Portal such as Forward Name Server Group and Name Server Group Association. For more information, see Objects Imported from NIOS.

BloxOne DDI supports configuring exceptions during DNSSEC validation.

For more information, see Enabling Signature Validation. 

DNS Traffic Control supports additional record types for load balancing.

DNS Traffic Control now supports SRV, SVCB (Type64), and HTTPS (Type65) for load balancing. For more information, see Configuring DNS Traffic Control.

Enhancement:

BloxOne introduces tagging enhancements that restrict tag values displayed during tag addition, application, and filtering to those currently assigned to objects. Additionally, predefined tag values can now be defined through restricted tags, instead of freeform tags. To explicitly add values to a freeform tag, convert the tag to a restricted tag first. For more information, see Managing Tags.

Enhancement:

BloxOne enhances the performance and usability of Global Search on the Cloud Services Portal, making it easier and faster for users to find what they need.

Global search includes the following enhancements:

• Users can now start a search by pressing the Enter key after entering key words.

• Quick results will display the top three relevant results.

• Users will see two groups of results: one for Exact Matches and the other for Related Results.

• Exact match results will appear within a second.

• Related results will be visible within a few seconds.

Enhancement:

The BloxOne DDI DNS service addresses the following vulnerabilities: CVE-2023-48795 and CVE-2023-44487.

• CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks.

• CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly.

Enhancement:

BloxOne Endpoint releases version 2.4.9 for Windows and MacOS.

This release includes stability improvements and resolves minor issues. For information, see Managing BloxOne Endpoint.

Feature and Enhancement:

BloxOne Threat Defense introduces a new RPZ feed structure that provides simplicity and user-friendly feed names.

BloxOne Threat Defense for NIOS now includes a new RPZ feed structure that provides simplicity, along with user friendly names, allowing users to set the correct policies and address the growing number of available RPZs over time. With the new structure, customers can configure their policy action correctly per their risk posture and have an “at a glance” understanding of how their network is protected. This requires removing the prior configured RPZ feeds and updating them to the consolidated new RPZs. The old RPZs will be supported until December 2024, giving time for transition to the new RPZ. The old RPZs will be deprecated after December 2024. Beyond the current RPZ updates for OnPrem, the feeds on the cloud will also be updated to reflect the same feed structure around July 2024.

Configuration Guide: https://docs.infoblox.com/space/BloxOneThreatDefense/622493764/Feed+Revamp+for+NIOS.

Enhancement:

High Availability now supports an IPv6 Service Instance for Active/Active and Active/Passive configurations.

High availability now supports an IPv6 subnet Service Instance in addition to the existing IPv4. The IPv6 support is applicable to Active/Active and Active/Passive configurations. For more information, see Configuring HA Groups.

DNS Traffic Control now allows HTTP/HTTPs Response control health checks to search strings in the header, body, and create regular expressions. 

BloxOne DDI now allows you to configure HTTP/HTTPs response control health checks by searching for a string in header, body, header/body. You can also create regular expressions for the header. For more information, see Creating HTTP Health Checks. 

Additional objects can now be synced from NIOS to BloxOne DDI through the NIOS Grid Connector.

Additional IPAM and DNS objects are now sent from NIOS to BloxOne DDI, when you enable the NIOS Grid Connector. For more information, see Enabling the NIOS Grid Connector Service. 

Enhancement: 

The default time filter in BloxOne Threat Defense reports has been updated from one hour to 24 hours.

The default time filter change applies to the following reports: DNS Activity, Security Activity, Summary Reports, Application Discovery, and Web Content Discovery. A one hour reporting option is still available, but it is no longer the default. The default time filter setting benefits our customers by improving the performance of the rendering reports.

Feature: 

BloxOne Threat Defense introduces Infoblox Threat Intel research with supporting documentation on threat actor naming conventions.

Threat intelligence research encompasses current analyses, alerts, advisories, and various reports compiled by the Infoblox Threat Intel team. This page highlights the threat actors discovered in your network. For each threat actor, the page also displays how early Infoblox discovered it in your network. Accompanying this information is detailed documentation that outlines the team's specific naming conventions serving as a valuable reference source for users. For information, see Threat Intel and Infoblox Threat Actor Naming Conventions.

Feature and Enhancement: 

Infoblox is introducing a new, real-time streaming detection called "Zero Day DNS."

Threat Insight – Zero Day DNS (Zero Day DNS) detects new domains observed in customer traffic to protect them from any possible targeted or spear phishing attacks. It follows a low-regret model and blocks the domain for a short TTL of 48 hours. The domain will be released after 48 hours, by which time other security systems in place should have enough information about this new domain to protect per policy. The default recommended action for this TI-List is Block - No Redirect. The intent of this detection is to provide very near real-time protection on new domains (can detect and block within 1-2 minutes of usage). Often when new domains are not mission-critical and following a low-regret model, it's best to have this protection in place. If for any reason the detected domains are known, verified, and needed for use, they can be added to the Default Allow list to bypass the detection. For information, see Zero Day DNS Configuration.

Enhancement:

BloxOne Threat Defense introduces external networks verification.

This feature allows BloxOne Threat Defense Business Cloud and Advanced customers to conveniently claim all their existing external networks, ensuring exclusive registration rights for subnets, and assuring no one else can register them in the database. This enhanced external network management capability permits the addition of large subnets (up to /8 for IPv4 and /32 for IPv6) with Infoblox's verification. Smaller subnets (ranging from /30 to /32 for IPv4 and from /56 to /128 for IPv6) can be added without verification. For information, see Configuring External Networks. For information, see Configuring External Networks.

Enhancement:

Infoblox announces the phase-out of the "Allow with Log" action support for content category filtering.

This change will affect only newly created policies and policy rules, ensuring that existing security policies remain unaffected. Customers can continue to modify and apply their current policies as usual without any adjustments to already provisioned rules. However, it will not be possible to establish new rules or policies incorporating the allow-log action for content categories moving forward. For information, see Creating Category Filters.

Enhancement:

BloxOne Threat Defense introduces agentless implementation over DoH.

With this update, BloxOne Threat Defense can now terminate DoH connections and associate custom DoH FQDNs with specific customer policies. This allows customers to securely redirect their DNS traffic to the BloxOne Threat Defense cloud without a client and integrate our solution with third-party solutions. For information, see Configuring Security Policies.

Feature and Enhancement: 

BloxOne Threat Defense has updated its policy framework to address potential DNS rebinding attacks.

This update addresses attacks like DNS rebinding attacks where attackers use a malicious DNS server for reconnaissance when attempting to connect to internal services. By setting a low TTL, attackers cause the DNS record to expire quickly, leading to frequent queries that switch to internal network IP addresses. This allows them to bypass security measures, enabling harmful actions or data extraction. For information, see Configuring Security Policies. For information, see Configuring Security Policies.

Enhancement: 

BloxOne Endpoint has released several bug fixes for Linux Ubuntu 22. 

These updates include correcting the MAC address during the login process and avoid any vulnerability of Stack canary protection, among other updates. For information, see Linux Client Application Deployment.

Enhancement:

BloxOne consolidates notifications for host-related events, optimizing efficiency and improving system performance.

When configuring BloxOne notifications, you can now choose Host Status Infra to receive important events related to the supported host metrics. The former Host State option will no longer be available. This enhancement helps improve system performance and reduce the number of notifications you will receive. For information, see Configuring Notification Delivery.

Enhancement: 

This release of the BloxOne Data Connector includes a few enhancements: relocation of the Data Connector tab from the Manage tab to the Integrations tab on the Cloud Services Portal, a new traffic flow configuration wizard, and the ability to add tags.

In addition to the relocation of the Data Connector tab from the Manage tab to the Integrations tab, other enhancements include the release of a new traffic flow configuration wizard to improve workflow efficiency and the capability to add tags to traffic flows, sources, destinations, and ETL configurations. For information, see Data Connector.

BloxOne Threat Defense
BloxOne DDI

Enhancement: 

BloxOne introduces enhancements that streamline account management across multiple organizations.

The enhancements are particularly beneficial for administrators managing multiple organizations or sandboxes, simplifying the process of accessing and controlling subsidiary organizational accounts. The enhancements also overhaul the Cloud Services Portal's current account-switching feature by introducing an improved account selection menu that can handle hundreds of organizational accounts and includes a search and filter function for better organizational account management.

Additional enhancements include the following:

• Administrators managing multiple organizations can set a default account, which is automatically accessed upon the initial connection to the Cloud Services Portal after authentication.
• Administrators are able to specify favorite organizations, which are prominently displayed at the top of the account selection window/menu for quick and easy access.

For additional information, see Managing BloxOne Accounts.  

BloxOne Data Connector

Enhancement: 

Infoblox Data Connector supports forwarding of BloxOne DHCP lease logs to a NIOS reporting destination.

Infoblox Data Connector now allows you to forward BloxOne DHCP lease logs to NIOS reporting, streamlining network administration workflows and enhancing efficiency. For more information, see Configuring Traffic Flows.

Feature and Enhancement

The IPAM/DHCP pages on the Cloud Services Portal have the following improvements: Local search is now above the list of objects; a new filter icon is next to the local search; and the save filter icon features a drop-down menu.

• Local search has been relocated above the list of objects, accompanied by the text “Find in list.” When selected, local search expands to provide additional space to enter keywords.

• A redesigned filter icon has been relocated above the list of objects next to the local search.

• The save filter icon has been updated from a floppy disk icon, featuring a drop-down menu that contains a list of saved filters.

BloxOne DDI now offers the capability to disable Echo Client ID in the global DHCP configuration for backward compatibility with older devices. 

BloxOne DDI allows you to deactivate Echo Client ID in the global DHCP configuration, ensuring seamless DHCP response for clients that cannot accept a response with a Client ID. For additional details, see the Advanced Configuration section.

Enhancement:

BloxOne Endpoint supports deferred deployment scheduling options. 

A new deferred deployment schedule option for BloxOne Endpoint for Windows, MacOS, and Linux is available, allowing endpoint upgrades to be postponed by the endpoint group. Deployment can be deferred for up to four weeks, with the option to select deployment day of week and time, independent of the release date. BloxOne Endpoint for iOS and Android will request and validate a user’s email during manual installation when an MDM service is not used for the deployment. This simplifies and improves user notification, compromised device tracking, access restrictions (by listing trusted domains), and general consumption. For information, see Scheduling Endpoint Group Updates.

Enhancement:

BloxOne Mobile Endpoint validation of user email ID during manual installation (no MDM feature). 

BloxOne Moblie Endpoint adds validation of the user’s email during manual installation when an MDM service  is not used for the deployment. This simplifies and improves user notification, compromised device tracking, access restrictions (by listing trusted domains), and general consumption. For information, see Deployment of MDM-less Mobile Endpoint (no MDM feature). 

Enhancement:

DNS Point of Presence - U.S./Ohio 

Infoblox adds PoP for DNS resolution in the U.S./Ohio to speed resolution, improve resiliency, and provide local resolution for organizations in that region.

Enhancement:

AWS S3 RPZ log export now includes three additional fields: "key," "sld," and "extra." 

RPZ logs exported to AWS S3 and the object storage service will be updated to include additional fields: "key," "sld," and an "extra" field to provide additional metadata such as username, client region and country, endpoint group, response, etc. This RPZ log export enhancement uses a different output path on the customers' S3 bucket ( / rpz_enriched / year=xxxx / month=xx / day=xx /hour=xx ). For information, see Log File Format.

BloxOne DNS

BloxOne DHCP

Feature and Enhancement:

DHCP Fingerprints are optimized with new fingerprint rules.

BloxOne DDI now supports an optimized fingerprint database with updated fingerprint rules that provide better identification. For more information, see Configuring DHCPv4 Fingerprints.

The BloxOne DDI DNS service addresses the following vulnerabilities: CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-5680, CVE-2023-6516, CVE-2023-50387, and CVE-2023-50868

DNS Version: 3.5.7
BIND Version:  9.18 with custom feature changes and security patches

• CVE-2023-4408: Parsing large DNS messages may cause excessive CPU load.

• CVE-2023-5517: Querying RFC 1918 reverse zones may cause an assertion failure when nxdomain-redirect is enabled.

• CVE-2023-5679: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution.

• CVE-2023-5680: Cleaning an ECS-enabled cache may cause excessive CPU load.

• CVE-2023-6516: Specific recursive query patterns may lead to an out-of-memory condition.

• CVE-2023-50387: KeyTrap - Extreme CPU consumption in DNSSEC validator.

• CVE-2023-50868: Preparing an NSEC3 closest encloser proof can exhaust CPU resources.

Enhancement:

BloxOne DDI can now filter lease based on Global MAC Pool.

BloxOne DDI supports filtering DHCP leases based on the Global MAC Pool imported from a CSV file. For more information, see Creating an IPv4 MAC Address Large Selection Filter.

Feature:

SOC Insights for BloxOne® Threat Defense enhances SOC efficiency by utilizing AI-driven analytics to effectively reduce alert fatigue and security gaps while also decreasing Mean Time to Respond (MTTR).

By distilling vast numbers of alerts into crucial insights, analysts can prioritize and address critical issues more efficiently and effectively. SOC Insights further empowers analysts with instant access to relevant network, event, and DNS intelligence, allowing for speedy, informed decision-making and accelerated incident response and threat mitigation. SOC Insights is offered as an optional feature for both BloxOne Threat Defense Advanced and BloxOne Threat Defense for BloxOne Business Cloud customers. Additionally, Configuration Insights is automatically integrated into all existing BloxOne Threat Defense Business Cloud and Advanced user accounts, offering guidance on optimal detection settings and adherence to best practices. 

Customers interested in exploring this feature can reach out to the sales team to request a trial. For information, see SOC Insights.

BloxOne DNS

BloxOne DHCP

Enhancement:

BloxOne users can now create and manage host configuration templates in the Cloud Services Portal.

Templating enables users to quickly deploy additional hosts/deployments with a consistent configuration as well as centralize future changes to a group of hosts from a single change within the template. For information, see Configuring Templates.

Enhancement:

BloxOne Endpoint for Windows support for Join Tokens

The latest update to the BloxOne Endpoint for Windows, version 2.4.6, introduces a new authentication method using join tokens. This enhancement significantly boosts security by enabling users to control endpoint access to the Cloud Service Portal through the use of rotating tokens. Rotating join tokens help prevent unauthorized access if an install package is leaked, for example. The server side of the authentication process is designed to be backward compatible, ensuring a smooth migration. Additionally, the same join token can be utilized across endpoint deployments for Mac, Linux, iOS, and Android. For information, see Configuring Join Tokens for Endpoint

BloxOne Endpoint for Mac support for Join Tokens

The latest update to the BloxOne Endpoint for Mac, version 2.4.6, introduces a new authentication method using join tokens. This enhancement significantly boosts security by enabling users to control endpoint access to the Cloud Service Portal through the use of rotating tokens. Rotating join tokens help prevent unauthorized access if an install package is leaked, for example. The server side of the authentication process is designed to be backward compatible, ensuring a smooth migration. Additionally, the same join token can be utilized across endpoint deployments for Windows, Linux, iOS, and Android. For information, see Configuring Join Tokens for Endpoint.

BloxOne DNS

BloxOne DHCP

Enhancement:

BloxOne users can now create and manage host configuration templates in the Cloud Services Portal.  Templating enables users to quickly deploy additional hosts/deployments with a consistent configuration as well as centralize future changes to a group of hosts from a single change in within the template. For information, see Configuring Templates.

Enhancement:

The Cloud Services Portal now provides enhanced viewing and export options for service logs from the Data Connector.

• Logs from the Data Connector are now accessible for both viewing and downloading through the Cloud Services Portal.
• The Data Connector has the capability to export service logs to all supported destinations, including integration with SIEM (Security Information and Event Management) systems.

      For information, see BloxOne Notifications and Configuring Traffic Flows.

Maintenance:

DHCP Software Update

The DHCP software update is part of our routine maintenance schedule  to provide important, security-focused updates and additional enhancements to improve the stability of these critical services.

During this update, the DHCP service running on the hosts may experience temporary unavailability for up to 30 seconds. All other services will remain unaffected.

BloxOne DNS

BloxOne DHCP

Enhancement:

To prevent a mismatch between the host of a subnet and range, BloxOne DDI now validates that a subnet and its range use the same BloxOne host.

BloxOne DDI ensures that a subnet and its range use the same BloxOne host. This helps prevent a scenario where a mismatch occurs between the host of a subnet and its range. For more information, see Creating Address Ranges.

Enhancement:

BloxOne introduces the redesign of the Dossier summary and timeline page.

The updated design now presents timeline events in a clear chronological order, using a vertical format for easier reference. Additionally, the redesign includes detailed event information linked to each timeline occurrence, streamlining the process of tracking and managing events within your organization. This enhancement aims to improve the user experience and facilitate more efficient detection, monitoring, and managing of reported threat indicators. 

For information about Dossier, see The Dossier Threat Indicator Report.

BloxOne supports host deployment using generation 2 virtual machines on Hyper-V/Azure.

BloxOne now supports generation 2 VMs when you deploy BloxOne hosts in Microsoft Azure. For more information, see Microsoft Azure Deployment.

BloxOne supports adding host tags associated with the Cloud Services Portal during BloxOne host deployments.

When you deploy a BloxOne host, you can add a host tag to the "userdata" file to associate the host with the Cloud Services Portal. For more information, see YML and JSON Templates.

BloxOne supports firmware updates on Dell VEP-1425, Dell VEP-1485, and Infoblox B1-212 hardware appliances.

To upgrade the firmware on Dell VEP-1425, Dell VEP-1485, and Infoblox B1-212 appliances, you can now download firmware upgrades and apply a firmware upgrade script via the debug CLI or a USB flash drive. For more information, see Updating Firmware on Hardware Appliances.

BloxOne host deployment on Google Cloud Portal (GCP) now supports IPv6.

      For information, see Google Cloud Portal (GCP) Deployment.

BloxOne DNS

BloxOne DHCP

Enhancement:

BloxOne DDI now supports importing private zones from Azure DNS as forward zones.
When you configure Azure DNS private zones to be served from a BloxOne host in Cloud Services Portal, you can get the queries forwarded to Azure DNS to get most recent results, without waiting for the sync. For more information, see Importing AWS Private NIOS-X Servered Zones as Read/Write Forward Zones.

The Cloud Services Portal supports a split view feature for viewing private zones and public zones from AWS Route 53.

With the Split View feature, you can get AWS Route 53 public hosted zones and private hosted zones to be served from two separate DNS views, allowing the capability for Split-horizon DNS. For more information, see Enabling Split View.

BloxOne Endpoint

Enhancement:

BloxOne Endpoint for Linux support for Join Tokens

The latest update to the BloxOne Endpoint for Linux, version 1.0.7, introduces a new authentication method using join tokens. This enhancement significantly boosts security by enabling users to control endpoint access to the Cloud Service Portal through the use of rotating tokens. Rotating join tokens help prevent unauthorized access if an install package is leaked, for example. The server side of the authentication process is designed to be backward compatible, ensuring a smooth migration. Additionally, the same join token can be utilized across endpoint deployments for Linux, iOS, and Android. For information, see Configuring Join Tokens for Endpoint.

BloxOne DDI now supports creating DNAME resource records through the Cloud Services Portal.

BloxOne DDI supports creating DNAME records that can be used to create an alias for an existing domain. Previously, the DNAME record could only be created as a generic record of type DNAME.  With this release, DNAME can be selected as one of the record types under the Record menu. For more information, see Creating a DNAME Record.

Enhancement:

BloxOne Mobile Endpoint for Android will receive a MDM-less deployment option.

BloxOne Mobile Endpoint for Android will receive a MDM-less deployment option. MDM-less deployment will allow better support for BYOD and other non-managed corporate devices. Users can now install BloxOne Endpoint from the Google Play store and enable it by scanning a provided QR code to protect their devices. QR codes are generated based on unique join tokens, which are easy to retire and rotate. Due to significant changes in the authentication process it is recommended to deploy the application in a lab environment first to ensure it is properly understood and implemented,  and then schedule upgrades in stages. For information, see Managing Endpoint Groups and Managing BloxOne Mobile Endpoint.

Enhancement:

BloxOne now displays all host types for hardware platforms on the Cloud Services Portal.

The Infrastructure > Host page of the Cloud Services Portal now displays B1-212 as the host type for Dell VEP appliances that are purchased from Infoblox. In addition, the "B105" hardware type is replaced by "B1-105."

BloxOne allows you to add new services directly on the Infrastructure > Host page.

You can now add services to a specific host on the Infrastructure > Host page without navigating to the Services page.

Enhancement:

BloxOne Endpoint for Windows version 2.4.3 is updated to provide a better experience with user group-based policies that do not require re-authentication on the agent. This release of BloxOne Endpoint for Windows and for MacOS version 2.4.3 also contains bug fixes.

For information, see Managing Endpoint Groups.

Enhancement:

BloxOne now includes an updated Global Search feature with improved usability and functionality.

BloxOne has an improved Global Search feature that provides deep links from search results to the objects and breadcrumbs for easier navigation. For more information, see Using Global Search.

BloxOne DNS

BloxOne DHCP

Feature and Enhancement:

BloxOne DDI now allows the recursive client query limit to be set to a maximum 15000 queries.

BloxOne DDI allows configuring the recursive client query limit up to 15,000 queries, ensuring an optimal level of recursive queries to be processed concurrently by the recursive name server. For more information, see Enabling Recursive Queries.

An Enhanced Terraform package is now available in GitHub to support new features and functionality for BloxOne DDI.
This release of BloxOne DDI provides the following enhancements to the Terraform integration packages:

• Support for listing and creating the Next Available Subnet in an address block.
• Support for listing and creating the Next Available IP address in an address block, subnet, and range.
• Support for DNS forward zones. 
• Support for tag filtering in IPAM and DNS objects.

Feature:

BloxOne Mobile Endpoint for iOS will receive a MDM-less deployment option.

MDM-less deployment will allow better support for BYOD and other non-managed corporate devices. Users can now install BloxOne Endpoint from the Apple App store and enable it by scanning a provided QR code to protect their devices. QR codes are generated based on unique join tokens, which are easy to retire and rotate. Due to significant changes in the authentication process it is recommended to deploy the application in a lab environment first to ensure it is properly understood and implemented, and then schedule upgrades in stages. For information, see Managing Endpoint Groups and Managing BloxOne Mobile Endpoint.

Feature:

BloxOne DDI now allows Zone Federation on AWS and Azure.

Zone Federation is now supported on AWS and Azure, which allows you to distribute and manage DNS zone data across multiple authoritative servers. For more information, see Zone Federation.

BloxOne DDI supports importing AWS private hosted zones as read-only or read-write forward zones. 

Private hosted zones synced from the cloud provider are set up as forward zones on BloxOne host. Queries for domains added as forward zones will be forwarded by the BloxOne host to AWS for resolution, ensuring the most up-to-date data is referenced. For more information, see Importing AWS Private Hosted Zones as Read/Write Forward Zones.

BloxOne DDI allows the configuration of read-only or read-write sync process for third-party cloud providers. 

You can now configure the sync process for third-party cloud providers in read-only or read-write modes via the Cloud Services Portal. For more information, see Configuring Read Only or Read Write Sync.

Enhancement:

BloxOne Endpoint version 1.0.6  supports Ubuntu 20.x and RedHat 8.x distributions, in addition to Ubuntu 22.x. 

For information, see Linux Client Application Deployment.  

Cloud Services Portal

Maintenance:

From 11/3/2023 through 11/5/2023, BloxOne will perform an update to increase the security, availability, and scalability of all BloxOne services. The update begins on 11/3/23 at 7:30 PM PT and end on 11/5/23 at 6:30 AM PT. DNS and DHCP protocol services for BloxOne DDI and BloxOne Threat Defense continue to run uninterrupted.

Enhancement:

BloxOne introduces usability enhancements to global search and local search on the Cloud Services Portal.

The global search and local search enhancements include the following:

• Global search input functionality updates

• Local search bar and filter updates

• New page header design and icon size and placement updates

For information, see Using Global Search and Using Local Search.

BloxOne DNS

BloxOne DHCP

Enhancement:

BloxOne DDI allows downloading Service Logs for MS AD Sync Service. 

BloxOne DDI allows syncing DHCP options from Microsoft Active Directory Server Options. 

BloxOne DDI allows syncing DHCP options from Microsoft Active Directory Fixed Address. 

Enhancement:

BloxOne introduces a new table view to the Hosts, Services, Monitoring, Locations, and Templates tabs on the Manage > Infrastructure page of the Cloud Services Portal.

In addition to the card and map views, you now have the flexibility to view and manage the data of hosts, services, monitoring, locations, and templates in a table format on the BloxOne Infrastructure page.

BloxOne introduces a new table view to the Audit Logs, Service Logs, and Security Logs tabs on the Administration > Logs page of the Cloud Services Portal.

In addition to the card view, you now have the flexibility to view and manage the data of audit logs, service logs, and security logs in a table format on the BloxOne Logs page.

Enhancement:

BloxOne DDI allows synchronization of Azure DNS public zones, private zones, and resource records. 

BloxOne DDI now supports the ability to view DNS Public Zones, Private Zones and Resource Records that are served from Azure DNS service. This allows BloxOne DDI to be used as a “hidden primary” for Public DNS zones hosted in the Azure DNS service. For more information, see Microsoft Azure Integration.

Enhancement:

Maintenance Release - DHCP bug fixes and CVE-2023-3341.

• Bug Fix:
  • Issue: DHCP server not assigning leases. This issue was noticed in customers operating in an Advanced Active Passive HA mode.
  • Fix: A DHCP range cannot be assigned to a different server than its parent subnet.
• CVE-2023-3341

Enhancement:

BloxOne Threat Defense enhances full audit logging by adding details of Create, Update, and Delete (CUD) operations.     

Enhanced audit logging track changes in security policies, custom lists, application/category filters, BloxOne Endpoint/BloxOne Endpoint group settings, and more. For more information, see Viewing Audit logs.

Feature:

BloxOne lookalike domain management includes suggested domains for monitoring. 

A maximum of 25 suggested lookalike domains can be added to a custom lookalike watch list for monitoring.  For more information, see Viewing Custom Watched Domains and Adding Suggested Lookalike Domains.

Infoblox BloxOne bare-metal deployment now supports Red Hat versions 7.9, 8.7, 8.8, 9.1, and 9.2.     

For more information, see Bare-Metal Deployment.

Enhancement:

Infoblox TIDE introduces new sizing guidelines for Custom RPZ feeds.

Infoblox TIDE introduces new sizing guidelines for Custom RPZ feeds. Newly created custom RPZs are limited to a maximum of 6 million records. This limit includes all available feeds, such as Infoblox-curated data, Infoblox’s third-party data, and any uploaded data you provide. A new sizing indicator displays the number of records contained within a custom RPZ feed. Custom RPZ feeds created prior to the introduction of the new sizing guidelines will not be impacted by the new sizing guidelines, although no new records can be added. For information, see Sizing Guidelines for Custom RPZ Feeds. For information, see Sizing Guidelines for Custom RPZ Feeds.

Feature:

Infoblox supports the deployment of BloxOne hosts in Google Cloud Platform     

You can now deploy BloxOne hosts on Google Cloud Platform using Infoblox-provided GCP package you download from the Cloud Services Portal.  For more information, see GCP Deployment.

Infoblox supports the deployment of BloxOne hosts on Containerd Environments

You can now deploy BloxOne hosts on Containerd environments  using Infoblox-provided BloxOne Install packages you download from the Cloud Services Portal. For more information, see Bare-Metal Deployment.

Enhancement:

BloxOne enhances the Log Export feature to include additional metadata in the BloxOne Threat Defense DNS response logs.

DNS response logs are exported in parquet format. Exported parquet-files include the following additional columns: 'key', 'sld' and column 'extra' get additional fields: 'sld', 'pname', 'pdisplay_name', 'domain_applications', 'qname_norm', 'client_country', 'client_continent', 'event_date', 'response_continent', 'response_region', 'response_country', 'application', 'egress_ip', 'device_name', 'device_ip', 'domain_categories', 'network', 'record_type', 'query_type', 'response', 'user_name', 'endpointgroups'.

For information, see Exporting Logs. 

BloxOne DNS

BloxOne DHCP

Feature:

BloxOne DDI now provides MS AD Sync as a service running on a BloxOne host.

You can run the MS AD Sync service on a BloxOne DDI host to migrate DNS and IPAM/DHCP objects from Microsoft Active Directory into the Cloud Services Portal. For more information, see Microsoft Active Directory Integration.

The DHCP options in the CSV import/export file can be specified as separate columns instead of nested columns.

Bug Fixes:

Issue/Bug: DHCP HA group status was not correctly represented in the Cloud Services Portal

Fix: Additional health checks were introduced to calculate the status of a  DHCP HA group.

Issue/Bug: Notifications were not triggered for high utilization of DHCP ranges

Fix: The cloud service responsible for calculating utilizations for DHCP ranges has been patched to address issues related to deadlocks.

Feature:

You can now set up BloxOne sandboxes as test environments.

If your business requires a separate BloxOne test environment, you can purchase a BloxOne sandbox and set it up for testing purposes. For more information, see Managing Sandboxes.

Enhancement:

This maintenance release includes bug fixes for the DHCP service. 

Enhancement:

The following BloxOne Threat Defense RPZ feeds have been deprecated and are no longer available for BloxOne Threat Defense or for On-Prem DNS Firewall: SURBL Fresh Domains, SURBL Multi Domains, and SURBL Multi Lite Domains.

It is recommended that you add the following feeds in place of the deprecated feeds:

• NOED, with the same policy rules originally selected for SURBL Fresh
• Suspicious Domains with one of the policy actions to Block, if available based on subscription level.
• Suspicious Lookalikes with one of the policy actions to Block, if available based on subscription level.
• Suspicious NOED with one of the policy actions to Block, if available based on subscription level.
  

For information, see Recommended Feed Configuration to Replace the SURBL Feeds.

Enhancement:

BloxOne Threat Defense adds direct linked access from the dashboard charts to the chart source data to better facilitate threat investigations.

Direct linking of the dashboard charts to their source data allows for drilling deep down into their source data. This enhancement offers improved usability of the dashboard charts for tasks involving investigation and workflows by offering the convenience of pivoting between the charts and their underlying data. For information, see Viewing the Dashboard. 

Enhancement:

You can now transfer services from one BloxOne host to another.

The ability to reassign or transfer a service from one host to another is useful in situations where you need to update your network infrastructure or retire a BloxOne host. For information, see Editing General Service Information.

Enhancement:

BloxOne Introduces notification enhancements to improve usability.

BloxOne notification includes the following enhancements:

• When you click Notifications on the left navigation panel of the Cloud Services Portal, you can view personal notifications generated for your user account.

• You can click the notification icon at the top of the left navigation to view the 30 latest notifications in the New Notifications panel. The number displayed on the icon indicates the number of notifications you have received within the last three days. 

• You can choose the types of personal notifications you would like to receive. Individual settings do not affect the global or admin settings for other users.

For information on BloxOne notifications, see Infoblox Platform Notifications.

BloxOne DNS

BloxOne DHCP

Feature and Enhancement:

You can now set the order of precedence for user-defined DHCP fingerprints.

BloxOne DDI now allows you to set the precedence of user-defined DHCP fingerprints. The rule with the lowest precedence value has the highest priority. For more information, see Creating DHCP Fingerprints.

BloxOne DDI tracks the IP addresses of hosts in IPAM.

BloxOne DDI now tracks the IP addresses that are owned and managed by the BloxOne hosts running the DDI service. These IP addresses are represented in IPAM as Reservations. For more information, see Configuring IPv4 and IPv6 Reservations.

You can now allow or deny leases based on DHCP filters.

BloxOne DDI now has the capability to allow or deny leases based on DHCP filters. For more information, see Creating Address Ranges.

You can now configure AWS as a Third Party DNS provider with additional configuration options.

BloxOne DDI now allows you to configure Third Party DNS provider through AWS delegated access using Principal and External ID. For more information, see Amazon AWS Route 53.

Enhancement:

You can now configure Third Party DNS Providers that support AWS sub-accounts for Route 53 Sync.

Third-party DNS providers can now accept credentials and AWS role ARNs, with proper permissions, to discover AWS accounts that contain Route 53 zones and resource records under each sub-account. For more information, see Amazon AWS Route 53.

Infoblox SSO Portal now supports Google Authenticator for multi-factor authentication, in addition to Okta Verify.

You can now choose Google Authenticator, in addition to Okta Verify, as the authentication method when you configure multi-factor authentication for your Cloud Services Portal users who have an email domain that matches the selected domain name. For more information, see Activating Multi-Factor Authentication.

BloxOne Threat Defense

Feature and Enhancement:

The BloxOne Application Discovery Report receives a makeover, enhancing user experience and providing more valuable insights into application usage within your network.

Updates to the Application Discovery Report introduce a refreshed look-and-feel, including new page headers and the ability to view historical data on the All Applications page for Approved and Unapproved application states. Application Discovery is available to BloxOne Threat Defense Advanced subscribers. For information, see Application Discovery. 

The Infoblox Summary Reports page receives a revamped look and feel.

The revamped Summary Reports page better facilitates user requests for summary report information. The new look and feel falls in line with the overall refresh of the Cloud Services Portal. The Executive Summary and Comprehensive Security reports are available to subscribers of BloxOne Threat Defense Business Cloud and BloxOne Threat Defense Advanced. For information, see Summary Reports.

The Notional Threat Insight List (TI-DNST) provides users with information about DNS Tunnels in their early stages, not yet fully classified as malicious. 

The Notional Threat Insight List detects DNS Tunnels in their preliminary phases before they reach a fully malicious status. This list operates with a default action of Allow-With Log. Since the tunnels are not yet conclusively identified as fully malicious, blocking them outright could lead to false positives. Organizations can modify the  default action to "Block" if their risk tolerance or organizational needs dictate.

BloxOne supports CISA Protective DNS encrypted DNS service. 

For Federal accounts, BloxOne  supports CISA Protective DNS, a secure and compliant server configuration utilizing encrypted DNS protocols (DNS-over-HTTPS or DNS-over-TLS).  Encrypted resolvers must be used when communicating with upstream DNS resolvers in adherence to to OMB memorandum M-22-09. For information, see Configuring DNS Forwarding Proxy to Use Encrypted DNS Protocols.

BloxOne provides new service KPI metrics for DNS Forwarding Proxy. 

Two new service KPI metrics have been introduced for DNS Forwarding Proxy: DFP Service Status and DFP Service Queries per Second.  

Infoblox SSO Portal now supports Google Authenticator for multi-factor authentication, in addition to Okta Verify.

You can now choose Google Authenticator, in addition to Okta Verify, as the authentication method when you configure multi-factor authentication for your Cloud Services Portal users who have an email domain that matches the selected domain name. For more information, see Activating Multi-Factor Authentication.

BloxOne Endpoint Management page has been revamped to provide endpoint properties.

A dedicated management page containing information on hostname, username, OS, location, and more on a dedicated page can be easily shared by a unique URL. A new endpoint property (public IP address) has also been included as part of this enhancement.  For information, see Viewing Endpoint Devices and Viewing Mobile Endpoint Devices.

BloxOne Endpoint version 2.4.0 release. 

BloxOne Endpoint 2.4.0 release contains minor bug fixes and collects additional metadata (serial numbers) on Windows and Mac OS devices. For information, see Managing BloxOne Endpoint. 

Feature:

BloxOne Endpoint is available for deployment on Linux (Ubuntu 22).

BloxOne Endpoint can now be downloaded for Linux Ubuntu 22 from the downloads page in the Cloud Services Platform (administration > downloads). For information, see Deploying Endpoint for Linux.

BloxOne DNS

BloxOne DHCP

Feature and Enhancement:

You can now create DNS sort lists to prioritize records on certain networks.

DNS sort lists allow the prioritizing of A and AAAA records on certain networks when they are returned in DNS responses, thereby sorting them to the beginning of the list in the response. For more information, see DNS Sort Lists.

The BloxOne DDI API documentation has been enhanced.

The BloxOne DDI API documentation has been enhanced to match the features available in the Cloud Services Portal. The API documentation has been improved for technical accuracy and clarity. For more information see Universal DDI API Guide. 

DHCP Fingerprint database has been updated to the latest version.

he DHCP Fingerprint database has been updated in BloxOne DDI. For more information, see Configuring DHCPv4 Fingerprints.

BloxOne DDI hosts can now serve private zones from Amazon AWS R53.

BloxOne DDI host can now serve private zones from Amazon AWS R53. For more information, see Amazon Route 53 Integration.

BloxOne DDI provides contextual help in Add/Edit dialogs when you perform a task.

You can now click Help in Add/Edit dialogs and wizards to view contextual help while performing a task. 

Dashboard widgets now include various design enhancements.

The dashboard widgets include various design enhancements. The widgets for DHCP leases per second, DNS queries per second, and Total DNS queries show data as a line chart with the option to show as a bar chart. 

Feature:

You can now put a host in maintenance mode to perform necessary maintenance. 

In situations where you need to initiate maintenance on a host such as upgrading the OS, rewiring the host, or changing the location of the host, you can put the host in maintenance mode. When a host is in maintenance mode, you will not receive any notifications of host activities. However, you can continue to deploy services and perform configurations on the host. All host and service configurations are not affected during the maintenance mode. To resume notifications, you must manually stop maintenance mode on the host. For information, see Using Maintenance Mode for Servers.

Enhancement:

New Threat Insight deduction method ensures domains reported in RPZs are added for monitoring. 

The issue regarding the detection of DNS Tunneling events not being detected when using a filter with all categories and the action set to Allow-Log has been resolved. To remedy this issue, the check for a domain being part of an RPZ has been removed from the filtering process. This change allows the reported domains to correctly go through the Threat Insight deduction process. In the Cloud Services Portal, you can view the domains that have undergone Threat Insight deduction in the Threat Insight report section of the Security Activity report (Reports > Security Activity > Threat Insight). To make it easier to see the applied action filtering, a new column called Action has been added to the Threat Insight report. This column allows you to monitor the actions applied to reported domains based on precedence, ensuring protection. For more information, refer to the Threat Insight Report. For information see, Threat Insight Report.

BloxOne DNS

BloxOne DHCP

Feature and Enhancement:

You can now synchronize DHCP Options from Microsoft Active Directory to the Cloud Services Portal. 

The synchronized DHCP options are read-only. For more information, see Microsoft Active Directory Integration.

You can configure the third-party DNS provider to consolidate public and private zones from AWS R53 into the selected DNS view.

You can also create a new DNS view while creating a third-party DNS provider. For more information, see Creating Third Party DNS Providers.

Feature:

You can now query host statuses using the BloxOne API.

BloxOne provides the "statuses" API call, so you can query host status, platform service status, and protocol service status. For more information, see Querying Server Statuses Using the API.

Enhancement:

BloxOne Notifications has a new data type for Data Connector

You can provision Data Connector to deliver Cloud Services Portal event notifications such as CPU utilization, new feature announcements, and more, to a SIEM destination. For information, see BloxOne Notifications.

Feature and Enhancement:

BloxOne supports the deployment of hosts on Hyper-V enabled Windows Server.

You can now deploy hosts on Hyper-V enabled Windows Server using Infoblox-provided VHD packages you download from the Cloud Services Portal. For more information, see VHD on Hyper-V Enabled Microsoft Server Deployment.

The BloxOne DDI DNS container addressed the following vulnerabilities: CVE-2023-2911, CVE-2023-2829 and CVE-2023-2828

• CVE-2023-2911: Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0.
• CVE-2023-2829: Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled.
• CVE-2023-2828: named's configured cache size limit can be significantly exceeded.

Feature:

BloxOne introduces Historical Data Reporting for the DNS Security and the Security Activity reports.

The historical data reporting feature affords the ability to search up to 60 days of cloud reporting data. The new historical data viewer will retrieve older data and allow you to view it within your activity reports. For information, see DNS Activity Historical Data Report and Security Activity Historical Data Report.

BloxOne DNS

BloxOne DHC:P

You can swap DHCP HA peers between Active and Passive modes.

The DDNS Update TTL value is now user-configurable.

Enhancement:

On May 18, 2023, Infoblox removed the ability to view legacy API keys as part of the process of deprecating these keys (which were replaced by the new API keys in February 2021). Since then, Infoblox identified a set of customers that are still using the legacy API keys. To provide all customers with the best possible experience and support while we complete the transition to the new API keys, the legacy API keys will remain visible and active until the end of July 2023.

Enhancement:

• When you perform a local search in the Manage > Infrastructure section, you can view all the objects on the specific tab (such as the Hosts or Templates tab) based on your filtering criteria; and you can page through the results. This applies to the Hosts, Services, Monitoring, Templates, and Location tabs.
• You can now use Global Search to find template objects by Name, Description and Tags.

Enhancement:

BloxOne adds new naming conventions for Threat Classes and Threat Families algorithm detections.

The following Threat Classes and Threat Family names are being updated. The renaming primarily impacts the Security Activity Report and Insightful Reporting.

• Security Activity Report: Both the new and old tclasses will appear in the Security Activity Report for the next month. Historical data will not be updated. 

• Insightful Reporting.

Enhancement:

You will no longer be able to view legacy API keys on the Cloud Services Portal. The legacy API keys are also not supported in API calls.

Enhancement:

BloxOne Endpoint

BloxOne Data Connector

Enhancement:

BloxOne Endpoint version 2.3.11 contains a few fixes and enhancements.

• This release fixes a rare occurrence when Endpoint for MacOS doesn't switch to the protected state after coming back from the "sleep" state.

• A configuration issue has been fixed if the DNS bypass probe domain is included in an internal domain list.

• Cleaning up temporary files and folders after an upgrade.

• Updated Infoblox branding.

Data Connector supports audit logs transfer to SIEMs for improved reporting to existing reporting systems. 

Data Connector supports the transfer of BloxOne audit logs to SIEMs (Splunk, Splunk Cloud, Syslog in CEF/LEEF formats), as well as Infoblox Reporting. This enables the integration of audit logs with existing monitoring and reporting systems, enhancing visibility and enabling better security and compliance management. For information, see Configuring Traffic Flows.

Enhancement:

The DNS QPS widget is calibrated to provide more accurate results.

The DNS QPS widget was enhanced for better accuracy. This enhancement includes bug fixes may result in higher QPS results.

Enhancement:

BloxOne delivers the following Dashboard enhancements: interactive legends, enhanced tooltips, chart selection options, and top threat classes filter and zoom flexibility.

• Interactive Legends: You can easily filter data elements in the legend and dynamically update charts to display the data most critical to you.

• Enhanced Tooltips: Smooth scrolling and intuitive display of the data points across the X & Y axis as you hover through dashboard charts and data series.

• Chart Selection Options: - Toggle between bar and area chart options to select the ideal display for your selected data set.

• Top Threat Classes Filter and Zoom Flexibility:  You can easily zoom in to explore and focus on smaller segments of the treemap for the Communication Threat Class and Remote Targets widget–updated with the ability to select and highlight individual segments.

For information, see Viewing the Dashboard.

Feature and Enhancement:

BloxOne supports DNS over TLS (DoT) in BloxOne Cloud to ensure the highest level of security provided to our customers using third-party DNS resolvers to directly communicate with BloxOne Threat Defense Business and Advanced subscription accounts.

Infoblox has enabled an encrypted DNS over TLS resolver (DoT) globally on threatdefense.infoblox.com, Anycast IP addresses, and in every point of presence. For information, see Configuring DNS Forwarding Proxy Settings.

The Web Content Discovery report has a new look with additional pivot capabilities and key trending data built into the interface.

Web Content Discovery is available to subscribers of BloxOne Threat Defense Advanced. For information, see Web Content Discovery.

Summary reports introduce the set up and automatic delivery of the Executive Summary and Comprehensive security reports at a set time, delivered directly to your email inbox. For information, see Summary Reports.

BloxOne Endpoint supports updated automatic inactive endpoint removal settings to support faster cleanup of unused endpoints.

The minimum interval is set to 15 days and the default value was updated to 100 days. The default value is also applied for endpoint groups with an undefined value (shown as 0 days on the Cloud Services Portal). For information, see Automatic Removal of an Endpoint After a Period of Inactivity

BloxOne security policy management can now be enabled for endpoint devices using the following metadata types: device operating system name and/or version, device hostname, and device country based on the geolocation of its IP address.

For information, see Configuring Network Scopes and Managing Endpoint.

BloxOne DNS

BloxOne DHCP

Feature and Enhancement:

Three new dashboard widgets, DHCP Messages, DHCP Leases, and Total DNS Queries, are now available on the Cloud Service Portal.

BloxOne offers three new dashboard widgets in BloxOne DDI to show DHCP messages (ACKs sent and INFORMs received), DHCP leases (Total Reclaimed, Total Declined, and Total Assigned), and Total DNS Queries on a single host or a subset of deployed hosts. In addition to the existing widgets, these new widgets help with capacity planning and snapshotting the environments. For information, see Viewing the Dashboard.

Inline DNS Query/Response Tester is now available on the Cloud Services Portal.

BloxOne DDI allows you to run DNS queries (using the dig command) on a host running DNS service from within the Cloud Services Portal. This will help you troubleshoot DNS-related issues. You must upgrade to the latest version of the host software to use this feature. For more information on upgrading the host, see Scheduling Software Updates for Hosts. For more information about this feature, see Running a DNS Query.

You can disable DHCP protocol in subnets, ranges, and fixed addresses for the DHCP protocol.

This is particularly helpful during pre-deployment provisioning and troubleshooting activities. For information, see Configuring Subnets, Configuring Address Ranges, and Configuring Fixed Addresses.

You can view the status of DHCP HA Groups on the Cloud Services Portal.

BloxOne DDI now displays the health and status of the DHCP HA groups on the Cloud Services Portal. You can then monitor the HA groups' status periodically to ensure that the service is functioning properly. For information, see Configuring HA Groups.

The Cloud Services Portal now displays DHCP service metrics.

You can now view metrics associated with your DHCP service in the Cloud Services Portal. This gives you better visibility of the DHCP service. For information, see Configuring HA Groups.

BloxOne DDI provides the ability to migrate and display IPAM/DHCP objects imported from Microsoft Active Directory.

BloxOne DDI is now able to directly import DHCP and IPAM data from Microsoft Active Directory, allowing for the offloading of DDI functions from AD servers. For information, See Microsoft Active Directory Integration.

You can configure the abandoned-reclaim timer for abandoned leases in the Cloud Services Portal.

After configuring the ‘abandoned-reclaim time’ for abandoned leases, the DHCP server will recover the abandoned IP address (i.e. put it back into the available state) and the address will be available for assignment again. For information, see Advanced Configuration.

The Cloud Services Portal now displays all search results in a single view.

BloxOne DDI supports the ability to search across all pages using local search, aggregating the search results into a unified repaginated list. You no longer need to use global search if you are already in a zone or subnet. This allows for quick retrieval of information. For information, ssee Configuring Subnets, Configuring Address Ranges, and Configuring Fixed Addresses.

Enhancement:

Infoblox BloxOne continuously synchronizes account names with corporate names. If your account name changed over the last few years, the name displayed on the Cloud Services Portal might change. This does not have any other implications on your account: Your configuration and data stay the same.

Feature:

BloxOne introduces a location feature you can use to associate hosts with a specific location.

The location feature is useful when you want to group multiple hosts by geocoded address and be able to later identify the hosts by their location. For information, see Managing Locations.

Feature and Enhancement:

BloxOne Threat Defense adds a new standalone threat and RPZ feed: NOED feed.

The NOED feed consists of newly created domains, some of which may not be inherently suspicious. However, monitoring traffic to these domains may be advisable since there is a low likelihood of their being visited under normal circumstances which raises the possibility of their being used for potentially nefarious purposes. For information, see Viewing Active Threat Feeds and Threat Insight. 

BloxOne Threat Defense

Cloud Services Portal

Feature and Enhancement:

The BloxOne Lookalike Domains Activity report has undergone a comprehensive overhaul and redesign to optimize the organization and accessibility of data. Lookalike events are now grouped in a structured and logical manner based on specific criteria associated with the target domain, including the total count of lookalike domains, the total number of custom watched domains, and the total number of threat lookalikes. This enhancement ensures that the report provides a more practical, informational, and user-friendly experience for users.

For information on lookalike domain monitoring, see Custom Lookalike Domain Monitoring.

BloxOne introduces a monitoring feature you can use to integrate with your monitoring tools to obtain host metrics.

When you set up a monitoring configuration, BloxOne uses APIs on the associated hosts, so your monitoring tools can query host metrics and health status based on the configured authentication method. For information, see Monitoring NIOS-X Server Metrics.

BloxOne increases serviceability by introducing host service logs.

On the Cloud Services Portal, you can now view host service logs on the Manage > Infrastructure > Hosts tab by accessing General Information > Logs of a chosen host. For information, see Viewing Server Logs.

BloxOne now supports VLAN Interfaces when you configure the IP settings for a host.

You can now set up VLAN interfaces when deploying a host if you want to virtualize your network infrastructure. For information, see Setting IP Interfaces.

Enhancement:

The following BloxOne Threat Defense RPZ feeds have been deprecated and are no longer available for BloxOne Threat Defense or for On-Prem DNS Firewall.

• Spambot_IP 

• Bot_IP

For information on available feeds, see Supported Threat Intelligence Feeds and Licensing and Subscriptions.

Feature and Enhancement:

Infoblox introduces the new Routing page on the Cloud Service Portal.

BloxOne routing improves the flexibility, scalability and performance of routing by separating it from the Anycast service into new BGP, OSPF, and RIP services. If you are not currently using Anycast, you will see the new Routing page immediately, and no action is required on your part. If you are currently using Anycast, Infoblox Support will be contacting you to arrange the migration of your Anycast configuration to these new services. For information, see Configuring Routing.

Infoblox BloxOne bare-metal deployment now supports Ubuntu 22.04.

With this release, Infoblox BloxOne supports Ubuntu 22.04 and will continue to support Ubuntu 20.04 and 18.04. BloxOne will however stop the official support of Utunbu 16.04.

Feature and Enhancement:

Infoblox introduces the new Infrastructure page on the Cloud Service Portal. BloxOne Infrastructure provides the separation of infrastructure and services. It integrates status, metrics, and logs into a common viewer, so you can peruse consolidated information about your host infrastructure and services. Your current deployment will automatically migrate to the new Infrastructure page. No action is required on your part.

The following is a list of changes:

• Introduction of the new Manage > Infrastructure page within BloxOne that replaces the Manage > On-Prem Host page. The new page includes tabs for Hosts (new), Join Tokens (existing page - same functionality), Services (new - this is a complete set of deployed services on hosts), and Templates (new).

• The Manage > On-Prem Host page will be removed.

• New viewer for hosts and services accessible through the General Information link on Hosts or Services. The viewer presents detailed information about a specific host or service, including network configuration, status, notices (if any), metrics (for a period up to 30 days), and logs (for a period up to 30 days).

• The separation of networking using interface labels makes separating duties between host management and service management much easier.

• While service configurations reside where individual pages are in the Manage menu, you can refer to the configurations in Manage > Infrastructure > Services instead of associating the configurations with hosts. This allows for easier redeployment of the service when infrastructure has to be replaced.

• Simplification of status with dedicated status for host and service instead of mixing the two together (this means no more “Review Details” status).

• Advanced filtering is available separately on Hosts and Services (for example, you can use filters to find all services that are not online or all DHCP services across all hosts).

• Adjusted the service deployment dialogs.

• Host deployment works the same way as the On-Prem Host page by using a join token for virtual and customer-provided physical appliance or a serial number for Infoblox-provided physical appliance. Detailed configuration is adjusted to work with advanced interface labels.

• Use the new Template functionality to capture a snapshot of the service deployment of a host and apply the same service deployment to multiple hosts (for example, you can use one template and apply it to seven offices or use the same deployment for 263 stores). 

• Support of multiple interfaces on hosts will enable several dedicated network interfaces on each host. Services (DHCP, DNS, DNS Forwarding Proxy, Data Connector, NTP) can be deployed using a specific interface, which can differ between services. This allows individual services to work within separate networks.

• Support for alternative network connections between a host and the Cloud Services Portal. Two or more interfaces can be configured as WAN connections to the Cloud Services Portal. Priority of connections is supported for cost and performance reasons.

• Display of hosts in a map view based on the NatIP address of the host will provide a better understanding of the infrastructure deployment around the world and could help identify region-based issues.

Feature and Enhancement:

BloxOne introduces a new debugging CLI, so you can troubleshoot issues related to cloud connectivity and on-prem host deployment. 

Through the Device UI, you can enable or disable a secure terminal connection on port 2022 between your BloxOne host and the newly implemented debugging CLI. When you experience issues related to cloud connectivity or BloxOne platform image deployment, you can troubleshoot those issues through the debugging CLI. 

The Cloud Services Portal introduces the “Upcoming Releases” section that displays feature announcements for upcoming BloxOne releases.  

In addition to “What’s New,” the landing page of the Cloud Services Portal now includes an “Upcoming Releases” section that displays upcoming feature announcements for future BloxOne releases.

BloxOne Threat Defense

BloxOne Ecosystem

Feature and Enhancement:

BloxOne Threat Defense supports a preferred PoP selection.

Infoblox uses dynamic routing and global server load balancing to provide connectivity to points of presence (PoP). In most cases, automatic PoP selection works perfectly for all customers; however, sometimes third-party service providers make updates that affect PoP selection, which changes DNS resolution and affects the performance of other SaaS services. With this release, you will be able to define preferred PoP per DNS Forwarding Proxy (DFP) and Endpoint Group. DFP and BloxOne Endpoint must be able to communicate with PoPs directly by listed IP addresses and hostnames. Please adjust your firewalls configuration accordingly. For information, see BloxOne Endpoint.

BloxOne Threat Defense supports Web Content Discovery.

Web Content Discovery is a new feature of the BloxOne Threat Defense Advanced package. It assists organizations in identifying high-risk activities in use across their networks, by whom and by which device. The new report identifies all known web traffic by category and identifies specific categories associated with a higher risk to organizations. For information, see Web Content Discovery. 

BloxOne Threat Defense adds new and updated detection algorithms.

The BloxOne Threat Defense "Security-Activity" report now includes “Threat Family” in the "Threat Insight" detection report. It incorporates improved detection algorithms and protection from DGA (Domain Generation Algorithm), DDGA (Dictionary Domain Generation Algorithm), DNST (DNS Tunneling), and DDOS (Distributed Denial of Service) attacks. Additional algorithm enhancements include the ability to capture misconfiguration issues in customer environments and capturing Suspicious and Phishing Lookalike domains in customer traffic. For information, see Security-Activity Threat Insight Report. 

BloxOne adjusts the date range for DNS Activity and Security reports to a maximum of 31 days.

Infoblox adjusts the date range for DNS Activity and Security reports to a maximum of 31 days. Subscription customers for BloxOne Threat Defense Business On-Premises, Business Cloud, and Advanced will continue to have access to these reports for up to 31 days to provide visibility into recent DNS or security activities. For longer-term reporting needs, the Data Connector (DC) service is available for exporting data into third-party tools that offer storage beyond 31 days (e.g. SIEMs that are better suited for historical data storage and searching). For more information on Infoblox integrations with ecosystem partners, visit the Ecosystem Integration with SIEM page on Infoblox.com.

Infoblox will conclude the support of Data Connector-based Threat Insight on May 5, 2023.

On May 5, 2023, Infoblox will conclude support of the configuration that delivers Threat Insight using the Data Connector (DC). This only impacts customers who use both BloxOne Threat Defense (Advanced or Business licenses) along with NIOS appliances that are connected to the Infoblox Cloud via the DC. This does not affect self-contained versions of on-prem Threat Insight on NIOS platforms or cloud-only versions of Threat Insight. A very small number of Infoblox customers utilize configurations that use the Data Connector Threat Insight, therefore; continued support is no longer practical. In preparation for this change, Infoblox will no longer store internal authoritative DNS queries in the Infoblox cloud for customers sending such data via the Data Connector. Internal queries are not required for Data Connector, Threat Insight or any other supported uses. As a result, this end of support is unlikely to impact Threat Insight. After February 18, 2023, there will be no change to the network or configurations. After May 5, 2023, calls for support will no longer be accepted for this configuration. As such, we recommend discontinuing this configuration as soon as possible to preserve resources for your on-prem appliance and network. If your deployment uses this configuration, please reach out to your Customer Success Advocate (CSA) to discuss options for transitioning to a supported, more dynamic, and reliable configuration.

Enhancement:

BloxOne Threat Defense changes to combination feeds.

The combination RPZ feeds (high_block, high_log, med_block, med_log, low_block and low_log) will be changed for maintenance purposes. There may be minor but noticeable changes to the number of indicators available in each feed.

Enhancement:

Data Connector supports filtering expressions and additional filter types for DNS security logs.

• By using filtering expressions, you are able to specify which traffic should be passed on and which should be dropped.
• DNS security logs can be filtered by new fields/properties: threat level, threat confidence, threat class, threat property, policy action, and feed name (custom list name).

   For information, see Data Connector. 

Feaure and Enhancement:

BloxOne introduces a new debugging CLI, so you can troubleshoot issues related to cloud connectivity and on-prem host deployment. 

Through the Device UI, you can enable or disable a secure terminal connection on port 2022 between your BloxOne host and the newly implemented debugging CLI. When you experience issues related to cloud connectivity or BloxOne platform image deployment, you can troubleshoot those issues through the debugging CLI. 

BloxOne DNS

BloxOne DHCP

Feature and Enhancement:

BloxOne DDI now supports external forwarders when DNS Forwarding Proxy (DFP) and BloxOne DDI DNS cohabitate on the host. 

BloxOne DDI now has the ability to use DNS Forwarders when co-deployed with the BloxOne Threat Defense DNS Forwarding Proxy (DFP). These DNS Forwarders will be used in lieu of recursing to the Internet root name servers. This is helpful in situations where access to the root servers is restricted. For more information, see Using Forwarders. 

Clear leases and resend DDNS updates for multiple leases. 

DHCP leases can now be cleared at the subnet or range level or by selecting multiple leases. You can also resend DDNS updates simultaneously for a number of active leases. You must update the on-prem host to the latest version for the clear lease functionality to work. For more information, see Clearing Lease and Resending DDNS Update.

Configure lease time as a filter in the hardware filter or option filter. 

You can configure lease time within a DHCP filter. This way, you can assign different lease times to different types of devices within the same subnet. For more information, see Creating IPv4 Hardware Filters and Creating Option Filters.

Configure DHCP Option 58/59 T1/T2 timer values for IPv4 and IPv6 DHCP leases.

You can configure 'Renewal Time (T1)' and 'Rebinding Time (T2)' values for IPv4 and IPv6 DHCP leases at the subnet level. This will enable devices that need to retain an IP address for an extended period get regular updates of network infrastructure changes via new DHCP options from renewals. For more information, see Defining Lease Times.

Synchronize and display DNS records imported from Microsoft Active Directory. 

BloxOne DDI is now able to directly import DNS data from Microsoft Active Directory, allowing for the offloading of DNS functions from AD servers. For more information, see Microsoft Active Directory Integration.

View AWS Route 53 private zones and records. 

BloxOne DDI now supports the ability to read DNS private zones and resource records that are served from Amazon AWS Route 53 service. For more information, see Amazon Route 53 Integration.

Import or Export DHCP Host object. 

You can now manage IPAM/DHCP Host objects in bulk using the standard import/export process in the Cloud Services Portal; both JSON and CSV data formats are supported. For more information, see Importing and Exporting Data and Supported Attributes.

Refinement of CSV import process resulting in requiring fewer fields. 

BloxOne DDI has enhanced the CSV import process to require fewer fields when creating DNS objects.

Assign or remove tags for multiple fixed address objects. 

This enhancement provides the ability to add or remove tags for multiple DHCP fixed address objects simultaneously. The tags assigned to IP addresses and their fixed addresses are now synced with each other. For more information, see Creating Fixed Addresses.

BloxOne Threat Defense

BloxOne DDI

Enhancement:

Displaying a list of announcements, instead of only the most recent announcement, for new BloxOne releases on the Cloud Services Portal.

In previous releases, the landing page of the Cloud Services Portal displayed new feature announcements only for the most recent BloxOne release. It now displays a list of feature announcements for the past 30 days. This helps you keep track of all BloxOne product releases within the Cloud Services Portal without having to visit a separate website.

Enhancement:

Dossier Summary Report now includes a screenshot image of queried domains. 

With the implementation of the Dossier domain image feature, it is now possible to view a potentially dangerous domain without visiting it. Visual examination of a target domain can dramatically cut down on research time. For information, see Dossier Summary Report.

Category filters adopt a "tree-like" design structure similar to application filters. 

With the implementation of an updated design, category filters and their associated subcategories are easier to navigate and to use from within the Cloud Services Portal. For information see Creating Category Filters.

Enhancement:

On the Cloud Services Portal, the configuration of global NTP settings is now under Manage > NTP. This function was previously under Manage > Hosts. For information, see Configuring Global NTP Settings.

Enhancement:

BloxOne supports streamlined record filtering for viewing, analyzing, and downloading of service logs.

A revamped service logs page provides the ability to filter log records based on timestamp, log type, and host. Filtered results can be viewed on the page or downloaded in CSV format. Filtering criteria can be saved for re-use. For information, see Viewing Service Logs.

Feature and Enhancement:

BloxOne supports policy scopes based on external and internal networks allowing overlapping/inclusion of the scopes defined in other policies.

Policy precedence defines which policy will be chosen. For example, you can define a strict policy with higher precedence for infrastructure devices (e.g., routers) which are located in the same subnet with employees. For information see Configuring Network Scopes and Configuring External Networks. 

BloxOne security policy actions support the following DNS response TTL enhancements.

• Policy actions “Block - Redirect” and “Block – Custom Redirect” now set the DNS response TTL to 10 seconds. Previously, the TTL was set to 0.
• Policy action “Allow with Log” will not modify the DNS Response TTL. Previously, the TTL was set to 0.

BloxOne application discovery supports two new, default application filters: All Approved Applications and All Unapproved Applications.

Using the new filters, an application can be assigned an approved or unapproved status. Application status can be viewed on the Application Discovery summary page. This feature is available to BloxOne Threat Defense Advanced subscribers. For information on application discovery, see Viewing Applications. 

BloxOne lookalike domain management adds a suspicious flag to domains reported as being malicious or suspicious.

A suspicious flag has been automatically added to the DNS Activity and Security Activity reports to indicate malicious and suspicious domains. Flagged domains are added to a custom list automatically, providing an organization the option of automatically adding them to a custom configured block/log list. For information see Custom Lookalike Domain Monitoring.

BloxOne access authentication supports a configurable sign-out session page for authenticated users.

Authenticated users can sign out of a session from the same captive portal page. For information see Managing Access Authentication. 

Enhancement:

BloxOne enhances your monitoring solution by providing an API in the cloud that you can use to query current metrics.

You can now integrate the BloxOne on-prem solution with your monitoring tools by using the newly implemented API to query current metrics of the infrastructure and services deployed on your hosts. Supported metrics include host CPU, memory, storage, port metrics, and protocol metrics. For more information, see https://csp.infoblox.com/apidoc.

Enhancement:

Dossier integration for the Emerging Threats threat feed by Proofpoint (ETPro).

Integration with ETPro data when using a customer-provided Proofpoint API key provides a unified threat view of their threat ratings alongside the other rich threat Intelligence available within Dossier. For information, see Dossier Summary Report.

BloxOne DNS

BloxOne DHCP

Feature and Enhancement:

BloxOne DDI now displays DNS Name in the IPAM view.

The IPAM view in BloxOne DDI has been enhanced to automatically populate the DNS Name column if a DNS View is associated with an IP Space. 

The maximum DHCP lease time is now set to five years.

BloxOne DDI will automatically convert imported DHCP lease times that are unlimited to the maximum supported by the system, which is five years. For more information see, Defining Lease Times. 

BloxOne DDI supports IPv4 /32- and IPv6 /128-prefixed networks.

BloxOne DDI now supports /32-prefixed networks for IPv4 and /128-prefixed networks for IPv6. For more information, see Creating Subnets..

DHCP and DNS Host Service Updates.

During host updates, the BloxOne DDI host DNS and DHCP services will receive a periodic update for general maintenance purposes.

Feature:

BloxOne Threat Defense supports Application Discovery.

Application Discovery allows you to see many of the applications used within your environment. Using DNS-based traffic patterns and detection signatures created by the Infoblox Threat Intelligence Group, many applications can be observed and associated with your protected assets. Because this is DNS-based, it automatically works for all the assets protected by BloxOne Threat Defense. The new interface (found under Reports) allows you to choose what applications are part of your supported standards and which applications are not. While the complete list of applications is extensive, many categories of applications are supported, including the following categories; business, personal storage, search engines, email, remote connectivity, video conferencing, data storage, and marketing services. By tracking applications, you gain better visibility into Shadow IT and applications with increased risk, such as unmanaged cloud storage providers. Increased visibility and compliance are just another part of BloxOne Threat Defense. Note: Check the interface regularly, as we will add new application detections over time. Not all applications that can be detected can be blocked in a security policy. Feedback on a specific application detection can be given within the Dossier screen.

Application Discovery is available to BloxOne Threat Defense Advanced subscribers. For information, see Application Discovery.

Feature and Enhancement:

The BloxOne platform supports basic HTTP authentication for REST API.

Basic authentication provides the ability to use authentication credentials in the form of a CSP API key in the authorization header of the HTTP API. The API key replaces the username and password for a more secure means of basic authentication. For information, see Using Basic Authentication.

You can restart BloxOne services from the Cloud Services Portal.

In addition to starting and stopping BloxOne services, you can now restart services through the Cloud Services Portal. For information, see Enabling and Disabling Services on Hosts.

BloxOne supports importing and exporting NTP service configuration data.

You can now import and export NTP service configuration data through the Cloud Services Portal. For information, see NTP Service Configuration (ntpserviceconfig).

Feature:

BloxOne now provides security logs generated from supported sources, so you can monitor the security and safety of your network infrastructure.

On the Cloud Services Portal, you can now view security events generated by supported application sources and download the security logs in CSV format. For more information, see Viewing Security Logs.

BloxOne Threat Defense

BloxOne Endpoint

Enhancement:

Intelligent Pop Selection enabled on DNS Forwardng Proxy (DFP) and BloxOne Endpoint for AMS customers.

BloxOne Threat Defense customers (mostly AMS) have been migrated to new infrastructure supporting intelligent PoP selection. For information, see DNS Forwarding Proxy and Endpoint Management.

Enhancement:

Infoblox TLD Score is now included in the Dossier Threat Indicator Report summary.

The TLD score indicates the level of risk associated with a top level domain (TLD). This score along with other data presented by Dossier can help when making a decision to block or allow a remote domain. For more information, see Dossier Threat Indicator Summary Report.

BloxOne DDI

BloxOne DHCP

Feature:

BloxOne DDI can now be deployed in distributed IPv6 environments.

BloxOne DDI can be deployed in distributed IPv6 environments where the DHCP server is not on the same subnet as the clients it is serving.

Feature and Enhancement:

BloxOne extends troubleshooting support via the Device UI to bare-metal host deployments.

For bare-metal host deployments, you can now review configuration status and download the support bundle via the Device UI for troubleshooting purposes. For more information, see Troubleshooting Hosts.

BloxOne implements metric-based traffic routing, so you can prioritize network interfaces for communication with the Cloud Services Portal.

You can now modify the metrics of network interfaces for each gateway on the respective host, so you can influence the routing path used for cloud communication. For more information, see Viewing and Modifying Host Configuration.

Feature:

BloxOne Endpoint log level settings from the management portal.

With this upgrade, BloxOne Endpoint troubleshooting becomes much easier. You will be able to change log level for BloxOne Endpoint directly from the Cloud Services Portal (https://csp.infoblox.com). BloxOne Endpoint will be upgraded to support the feature on 8/30/2022. You can postpone the upgrade if needed. For information, see Endpoint System Level Logging.

Enhancement:

BloxOne Threat Defense support for filter categories.

New content categories and sub-categories are now supported for custom filter creation.

For information, see Creating Category Filters.

BloxOne DNS

BloxOne DHCP

Feature and Enhancement:

BloxOne DDI now supports the ability to create and manage SVCB and HTTPS resource records.

You can now create HTTPS and SVCB resource records. In addition, you can enable synthesizing A and AAAA records from an HTTPS record, which can be used to define an alias even at the apex of a zone. For more information, see Controlling DNS Queries.

You can configure access control lists (ACLs) for IPv6 addresses.

BloxOne DDI now supports the ability to add IPv6 addresses and networks to ACLs used to control access to the DNS server in DNSv6 environments. For more information, see Creating Access Control Lists. 

You can now use simplified CSV import parameters to create a file for import. 

The parameters in the CSV export have been simplified with the objective of making it easier to edit a CSV file. The parameters are now self-explanatory and easily editable. For more information, see Import Parameters. 

BloxOne DDI provides the ability to show or hide graph elements in reports. 

You can now select the check box for a parameter to appear in the graph. Clear the check box for the parameter to be hidden from the graph. The graph is updated automatically based on your selection. For more information, see Viewing Reports.

BloxOne DNS

BloxOne DHCP

Feature:

You can view license utilization of your BloxOne licenses by quarter, month, or day for the past two years.

BloxOne DDI now allows you to view how BloxOne licenses are utilized in your organization. You can view license utilization for DNS queries, active IP addresses, and instances deployed across your BloxOne environment for the past two years or eight quarters. You can filter license utilization by quarter, month, or day. If a license is expired or about to expire, the report will show an error. For more information, see Viewing License Entitlements.

BloxOne Threat Defense

BloxOne Endpoint

Feature and Enhancement:

BloxOne Threat Defense supports "block no log" and "redirect no log" security policy actions.

In some cases, you may need to block traffic without logging information about the action due to the large volume of events. Infoblox is releasing these new policy actions so you can suppress such noise events and be able to focus on important security issues. The new policy actions, "block no log" and "redirect no log," block DNS requests without logging events in the Security Activity report. The blocked DNS requests will be available in the DNS Activity report. For information, see Adding Policy Rules and Setting Precedence.

BloxOne Threat Defense support three new indicator feeds. 

This release introduces three new feeds for security policies. The first two provide additional options for blocking sanctioned nations. The existing sanctioned feed, “US OFAC Sanctions IPs,” will now only block nations that are embargoed (Cuba, Iran, Myanmar, North Korea, Syria and Venezuela). The two new feeds are “US OFAC Sanctions (High) IPs” and “US OFAC Sanctions (Med) IPs.” The “Sanctions (High)” blocks all nations in the embargoed list, plus the following: Belarus, Cambodia, Central African Republic, China, Democratic Republic of Congo, Iraq, Libya, Macao, Russia, and Yemen. The “Sanctions (Med)” includes all of the nations included in the embargoed and high lists, plus the following: Lebanon, Somalia, South Sudan, Sudan, and Zimbabwe.

Additionally, Infoblox has decided to create a new feed for suspicious indicators. Suspicious indicators are indicators that identify sites that should be blocked based on clear evidence, even though an attack using the indicator has not been triggered at that time. For information, see Viewing Threat Feeds and Threat Insight.

Tag support for BloxOne Threat Defense objects.

Tags provide you with an ability to add additional context to the configuration settings. With this release, administrators will be able to define tags for the following Threat Defense objects: BloxOne Endpoint, BloxOne Endpoint groups, custom lists, security policies, DNS forwarding proxies, category and applications filters, custom redirects, internal domains, and external networks. In subsequent releases Infoblox will be able to provide enhanced services based on tags. For information, see Applying Tags. 

BloxOne Endpoint Chromebook support for Google API.

BloxOne Endpoint for Chromebooks will be upgraded to support new Google APIs. The service may become unavailable for outdated endpoints, so all customers are encouraged to upgrade endpoints as soon as possible. For information, see Deployment of BloxOne Chromebook Client.

BloxOne Policy for non-authenticated users.

Access authentication service allows you to define security policies per user group and authenticate users with third-party IdP providers such as Microsoft Active Directory, Azure Active Directory, Okta, and OpenAM. This release enables the creation of security policies for non-authenticated users (users before authentication), IoT, and/or infrastructure devices if they cannot be authenticated at all. Policies for non-authenticated users and devices can be very restrictive to allow communications with a very limited number of domains and/or applications. This upgrade will require DNS forwarding proxy to restart with the planned service interruption for up to two minutes. For information, see Authentication Policy for Non-authenticated Users and Non-authenticated Devices.

Feature:

You can now control user access to the Cloud Services Portal and associated functionality by enabling restricted IP addresses for selected user groups. For more information, see Restricting Access for User Groups.

Data Exchange (TIDE)

BloxOne Dossier

Enhancement:

Feed filtering for BloxOne Dossier/TIDE.

In this release, you can precisely control the type and volume of indicators sent to your appliances by specifying individual indicator class and defining the threat and confidence levels that are being put into a customized RPZ feed. This allows users to precisely control type and volume of indicators sent to their appliances. For information, see TIDE Data.

Dossier Integration (Bring Your Own License) for Mandiant

Dossier supports Bring Your Own License (BYOL) integration with Mandiant data when using a customer-provided API key. For information, see Dossier Summary.

BloxOne DNS

Feature:

Filter absolute_zone_name , dns_absolute_zone_name, and dns_absolute_name_spec, via the BloxOne API.

BloxOne DDI now supports filtering on the fields absolute_zone_name , dns_absolute_zone_name, and dns_absolute_name_spec, via the BloxOne API. These fields contain the fully qualified domain names as opposed to the relative domain names.

Cloud Services Portal

BloxOne Ecosystem 

Feature and Enhancement:

Data Connector supports multiple data connectors to pull data/logs from BloxOne Cloud.

Multiple data connectors can now be deployed to pull data/logs from BloxOne Cloud and send the data to multiple destinations. For more information, see Configuring Destinations.   

Data Connector supports multiple indexers for Splunk Destination.

Multiple indexers can now be provisioned to a Splunk destination allowing for optimum load distribution. For more information, see . For more information, see Setting Up Splunk.

The BloxOne customer service portal now displays the serial number for all virtual appliance, deployments such as VMware, Azure, AWS, KVM.

 Serial numbers of all virtual, deployments for VMware, Azure, AWS, and KVM  can be viewed in the BloxOne customer service portal.  For more information, see https://support.infoblox.com.

Enhancement:

Monitoring BloxOne Endpoint connectivity to Point of Presence (PoP). 

As a DNS administrator, you can now monitor to which PoPs your endpoints are connected. When BloxOne Endpoint connects to a new PoP, the endpoint connection status will automatically be updated allowing for better tracking of potential DNS connectivity issues and for determining what geographic region your endpoint resides. For more information, see Endpoint Management.

Enhancement:

Three new threat/RPZ feeds are available for DNS firewall.

The following new threat/RPZ feeds are available for DNS Firewall: 

• Suspicious Indicators: A dedicated feed that includes all suspicious indicators categorized as being suspicious. This feed is available to all BloxOne Threat Defense Advanced subscribers.
• Sanctions - High Risk: This feed includes all high risk indicators from sanctioned countries. Indicators from the following countries are included in the feed: Belarus, Cambodia, Central African Republic, China, Cuba, DR Congo, Iran, Iraq, Libya, Macao, Myanmar, North Korea, Russia, Syria, Venezuela, and Yemen. This feed is available to all Advanced and Business licensed BloxOne Threat Defense subscribers.
• Sanctions - Medium Risk: This feed includes all medium risk indicators from sanctioned countries. Indicators from the following countries are included in the feed: Belarus, Cambodia, Central African Republic, China, Cuba, DR Congo, Iran, Iraq, Libya, Macao, Myanmar, North Korea, Russia, Somalia, South Sudan, Sudan, Syria, Venezuela, Yemen, and Zimbabwe.   This feed is available to all Advanced and Business licensed BloxOne Threat Defense Cloud subscribers.

For more information, see Viewing Active Threat Feeds and Threat Insight.

Cloud Services Portal

BloxOne DNS

BloxOne DHCP

Feature and Enhancement:

A new Trusted Partner user group, “ib-trusted-partner,” is now available in BloxOne.

The user group, “ib-trusted-partner,” is now available in BloxOne, giving assigned users read-only access to information in BloxOne, without the ability to make changes.

Saved filters for BloxOne DDI objects can be reloaded for future use without re-configuration.

You can now configure and save filters for various BloxOne DDI objects and reload the saved filters for future use without re-configuring them again. Filters are available for DNS, DHCP, and IPAM objects as well as reports. For more information, see Configuring DNS Zones.

Network discovery information is displayed for IPAM objects imported from NIOS.

Network Discovery infor mation associated with IPAM objects imported from NIOS using the NIOS Grid Connector is now automatically displayed in the information pane on the Cloud Services Portal.  For more information, see Enabling the NIOS Grid Connector Service.

Feature and Enhancement:

Dashboard time intervals have been expanded.

The time intervals for Dashboards can now be configured for 48 hours, 7 days, and 1 month, in addition to the existing 24 hours. For more information, see Viewing the Dashboard.

Reports time intervals have been expanded.

The Total DNS Queries, Total DHCP Lease Operations, and Top DHCP Client Requests can now be configured for 1 hour. For more information, see Viewing Reports.

DNS Server Groups can be added to Forward Zones.

You can now configure DNS server groups and add them to forward zones, in addition to the existing primary and secondary zones. For more information, see Creating a Forward Zone.

Fixes:

Searching for subzones in Flat Zone View now shows the associated FQDNs of the subzones.

Infoblox resolved an issue that occurred when searching for a subzone and its associated FQDN was not displayed. When the same subzone was used in multiple domains, it could be difficult to locate it without going through the entire list. Search results now include the subzone and its associated FQDN.

Data Exchange (TIDE)

BloxOne Dossier

Dossier and TIDE enhancement:

ThreatFox malware detection for Dossier from Abuse.ch

ThreatFox reports indicators of compromise (IOCs) associated with malware giving more context to your threat investigations. For information, see Dossier Source Descriptions.

Feature and Enhancement:

BloxOne DDI supports the ability to create HA groups over Anycast.

BloxOne DDI now supports the ability to configure HA Groups that utilize the BloxOne Anycast service.  A DHCP Anycast HA Group is an Active/Active pair of hosts that share a virtual IP address (VIP) for DHCP protocol communications, acting from the clients’ perspective, as “one” DHCP server.  The VIP is advertised using the BloxOne Anycast service, which leverages either OSPFv2, OSPFv3, or BGP to announce reachability.  For more information, see High Availability for DHCP and Creating HA Groups.

You can configure BloxOne DDI to send DHCP DDNS Updates to Microsoft DNS Servers using GSS-TSIG.

Building on the existing ability to receive GSS-TSIG DDNS updates, BloxOne DDI can now send GSS-TSIG authenticated DDNS updates to Microsoft DNS servers.  DDNS updates are used to dynamically update DNS data, based on DHCP client information. For more information, see Enabling DDNS for IPv4 Clients.

BloxOne DDI lifts DHCP lease limits for hosts.

BloxOne DDI hosts (or HA pairs) running DHCP are no longer limited to 25,000 leases each.  Now, each host (or HA pair) can support an unrestricted number of leases, based on the locally available resources.  

BloxOne supports deploying hosts in Amazon AWS.

You can now deploy BloxOne DDI on hosts in AWS using Infoblox-provided Community or Public BloxOne AMI images. For more information, see EC2 Instances Using AMI in AWS Deployment.

You can view the status of long-running tasks.

BloxOne DDI provides the ability to view tasks that run in the background. You can view the entire list of tasks, clear the task from the list, or edit the tasks. For more information, see Viewing Background Tasks.

Ability to sync Microsoft zones and DHCP exclusion ranges from NIOS to the Cloud Services Portal.

NIOS Grid Connector allows you to import Microsoft-managed zones and DHCP exclusion range from NIOS to the Cloud Services Portal. For more information, see Configuring NIOS Grid Connector.

You can include client IP address, MAC address, and DNS view the information in outgoing DNS queries.

Include the client IP address, MAC address, and DNS view information of the client from which the DNS query was initiated, to outgoing recursive queries. For more information, see Using Forwarders. 

BloxOne DDI now supports conflict resolution for DHCP with multiple options.

Conflict resolution ensures that the DNS record's information associated with one DHCP client is not updated by other DHCP clients. For more information, see Enabling DDNS for IPv4 Clients.

Overall DDI Dashboard Performance enhancements

Widgets on the DDI dashboard have been enhanced to improve overall performance with significantly improved result response time. Additionally, all graph time indexes are now standardized to UTC.

BloxOne DDI enhances host selection for DHCP HA Groups.

Search results are now repaginated to simplify host selection when creating and managing DHCP/DNS config profiles, DHCP HA Groups, and Subnets.

BloxOne expands the ability for you to specify custom templates for webhook notifications.

You can now integrate your notification platforms by specifying custom templates for webhook notifications. You can specify any number of webhooks and their associated templates and specify the notification types they will be used for. For information, see Configuring Service Integrations.

BloxOne Endpoint
BloxOne Threat Defense
Data Exchange (TIDE)

BloxOne Endpoint enhancements:

You may now implement security policies based on user groups with supported SaaS IdP (Identity Provider) which currently includes Okta and OpenAM.

A policy provisioned for a BloxOne Endpoint Group will be applied before a user is authenticated. Once a user is authenticated, it will be possible for the user to browse the Internet or other restricted content as allowed by the policy. For more information, see Endpoint SSO Authentication.

The BloxOne Endpoint is available for deployment on Chrome OS version 90 and above.

 BloxOne Endpoint is available on the following platforms: Microsoft Windows, MacOS, iOS, Android, and Chrome OS. Note that Android and Chrome devices should be managed by Google Admin Console. For more information, see Mobile Endpoint Management.

Scheduling and/or deferring upgrades per endpoint group.

It is now possible to evaluate new features and enhancements in a test group before rolling out the upgrade to the entire company. You may also postpone the upgrade to a more convenient date/time per endpoint group. For more information, see Scheduling Endpoint Group Updates.

Netskope client compatibility with BloxOne Endpont.

BloxOne Endpoint is officially certified to run with Netskope client 93.0.1, provided that you disable "Bypass Loopback DNS feature flag" on Netskope. For more information, see Endpoint Compatibility Guidelines. 

Policy management enhancements:

User authentication and group-based policies with Microsoft Active Directory for DNS Forwarding Proxy (DFP).

In addition to SaaS IdP providers Okta, OpenAM, Microsoft Azure Active Directory, it is now possible to authenticate users on Microsoft Active Directory. This service is supported for standalone DFP (deployed in a VM or as a container) or running with BloxOne DDI services. For more information, see Configuring Microsoft Windows Active Directory Sync for Hosts. 

Access authentication exceptions based on subnets or individual IP addresses.

To allow non-authenticated access for IoT and infrastructure devices to the same DFP infrastructure used by other users, you can now define exceptions based on subnets or individual IP addresses. For more information, see Associating Authentication Profiles with Servers.

Support for safe search enforcement.

DNS category filtration provides good protection against explicit content, but search engines themselves can provide access to restricted content. For compliance reasons, or simply to prevent juveniles or other users access to such content, search engines provide "safe" versions of their search engines, which filter out inappropriate results. To help enforce the policy for all devices, this new policy feature can automatically redirect users to a safe version of the supported search engines. This feature currently supports the following search engines: Google Search, Bing, Youtube, and Yandex. For more information, see Safe Search Enforcement.

Local DNS request processing optimization.

To reduce the number of noise requests forwarded to the cloud and to avoid misconfiguration, DFP and BloxOne Endpoint will automatically forward all PTR requests for any private subnets (e.g. 10.0.0.0/8, 192.168.0.0/16, etc.) to local DNS servers. With this enhancement, you will not need to list such subnets in the internal domains or custom allow lists. For more information, see Forwarding DNS Traffic to BloxOne Threat Defense Cloud. 

BloxOne Threat Defense RESTful API updates.

• dns_event API endpoint is refined to support the following capabilities:
• Filtering by: feed/custom list name, feed/custom list type, domain category, application, endpoint name, user group, host name, client's subnet/IP, threat class, threat property, threat indicator, DNS view for NIOS logs.
• Additional metadata in response: username, user group, application, feed/custom list name, feed/custom list type, domain category.
• Additional REST API enhancements: 
• Substring match support
• Managing individual entries in the list of internal domains
• Response pagination for custom lists

For more information, see DNS Event and BloxOne Threat Defense API Guide.

Infoblox introduces a new NTP service for all BloxOne Threat Defense Business Cloud and Advanced customers to reduce dependency on third-party services and to ensure that a common time source is used for all devices, .

The NTP service can be deployed standalone, or along with DNS Forwarding Proxy or other services on hosts. You can configure the NTP service uniformly across the account with the possibility of overriding locally on the host wherever NTP service is deployed. The service supports detailed configuration, including authentication, specific attributes, and access control lists. For more information, see Configuring NTP Service.

Dossier and TIDE enhancements:

Bring Your Own Feed (BYOF) – A new method to create RPZ feeds from TIDE Custom Profiles. 

You can now define an RPZ name during the creation of a TIDE profile to have it automatically create an RPZ file from data uploaded to TIDE. Users who have access to other third-party data sources shared with TIDE can better utilize these feeds using the DNS firewall or when sharing threat intel to other solutions in the security stack. For more information, see TIDE Data Submission on the Cloud Services Platform.

Enhancement: The point of presence (PoP) in South Africa has been updated to enhance BloxOne services and DNS performance.

Enhancement: 

• You can view upcoming release announcements on the Cloud Services Portal home page. Information on future BloxOne features and products will now be announced on the Cloud Services Portal. The new section is called “Upcoming Releases,” noting what is coming and the estimated release date. You may also opt to receive in-app or email notifications of upcoming releases by visiting the Notification Settings page . For more information, see Configuring Notification Delivery.
• Infoblox BloxOne extends log exports to now include DHCP logs, DNS logs, and Security logs to your dedicated Amazon S3 bucket. For more information, see Exporting Logs.

Feature: 

• You can deploy hosts in AWS using Infoblox-provided Community or Public BloxOne AMI images. For more information, see EC2 Instances Using AMI in AWS Deployment.
• You can filter hosts deployed in AWS by "BloxOne VM - AWS” on the Host page of the Cloud Services Portal. For more information, see Viewing Host Status.

For more information, see Configuring Notification Delivery.

• False positive and false negative threat data. 
• Incorrect web category information.
• Incorrect lookalike detection information.
• Incorrect application detection information.

For more information, see Dossier Threat Research Feedback.

• Sends additional DHCP-enriched logs, including certain metadata and field names, to all applicable destinations in CEF/LEEF log format.
• Provides the hostname and device name as part of the syslog messages. 

For more information, see Configuring Traffic Flows.

Enhancement: The BloxOne DDI DNS container v3.1.6 addresses the following vulnerabilities: CVE-2022-0396 and CVE-2021-25220.

• CVE-2022-0396: When BIND is configured to disable processing of TCP queries in parallel (option "keep-response-order”),  it consumed TCP connection slots indefinitely via a specifically crafted TCP stream sent by a client.
• CVE-2021-25220: An issue in BIND affects some resolvers configured with certain forms of forwarding. Out-of-bailiwick NS records in crafted responses, for example, sent by a malicious forwarder, may be cached under certain circumstances and potentially used for subsequent recursion.

Enhancement: BloxOne endpoints are no longer displayed in the Cloud Services Portal once they are moved to the recycle bin.

• Statistics reported in the details pane of the Endpoints page no longer include deleted endpoints. 

• Endpoints restored from the recycle bin are assigned disabled status by default.

• When an endpoint group is deleted, all endpoints residing within the deleted group are moved to the default endpoint group.

• When restoring a deleted endpoint from a deleted endpoint group, the restored endpoint remains a member of the default endpoint group. 

For more information, see Managing Endpoint.

Enhancement: DNS objects, such as DNS views, authoritative zones, forward zones, access control lists, and others are now supported in Global Search. This expands the set of available objects and tags to quickly find and take actions on hosts, devices, and users throughout the enterprise. For more information, see Using Global Search.

Feature and Enhancement:

• BloxOne Endpoint supports the following endpoint clients: Akamai Enterprise Applications Access (EAA) VPN client and Zscaler Client Connector with VPN client. For more information, see Endpoint Compatibility Guidelines.
• BloxOne Endpoint supports the following operating systems: Windows 11 and macOS Monterey. For more information, see Supported Browsers and Operating Systems.
• BloxOne Mobile Endpoint Management has the following enhancements: allows sending log files directly to the Cloud, multiple Anycast support, reestablishment of endpoint protection. For more information, see Managing Mobile Endpoint.
• To simplify management of security policies, you can now create and modify many objects inline, including custom lists, category filters, and endpoint groups. For more information, see Configuring Security Policies.
• BloxOne Threat Defense now supports several new objects for data import and export. For more information, see Importing and Exporting Data.
• Data Connector now sends DHCP enriched logs, including certain metadata and field names, to all applicable destinations in CEF/LEEF log format.  For more information, see Configuring Traffic Flows.

Enhancement:

• Infoblox supports the deployment of hosts in KVM-hypervisor-based deployments. You can now deploy hosts through KVM-hypervisor-based virtual appliances, using Infoblox-provided QCOW2 packages you download from the Cloud Services Portal. For information, see Bare-metal KVM Deployment and OpenStack with KVM Hypervisor Deployment.
• BloxOne now provides high-capacity Microsoft Azure VHD packages for deploying hosts. Depending on your business requirements, BloxOne now supports high-capacity Microsoft Azure VHD installation packages you download from the Cloud Services Portal. For information, see Downloading Infoblox Apps.
• Infoblox supports the deployment of hosts on DELL 1425 and 1485 VEP hardware. You can now deploy hosts on DELL VEP hardware, using Infoblox-provided ISO packages you download from the Cloud Services Portal while creating hosts using the serial number option. For information, see Hardware Appliance Deployment.
• The Device UI provides additional information to improve troubleshooting during host deployments. The Device UI provides additional information about the accuracy of the "join token" that you have entered via the Device UI or via cloud-init values, and the serial number that you have entered via the Cloud Services Portal. For information, see Troubleshooting Hosts.

Enhancement: Infoblox Data Connector now supports sending logs from BloxOne and NIOS sources to a Splunk Cloud destination in Splunk CIM or legacy Infoblox data format. For more information, see Configuring Traffic Flows.

BloxOne Threat Defense

Enhancement: Depreciation of the ActiveTrust Platform.

Infoblox replaced the ActiveTrust platform three years ago with the introduction of BloxOne Threat Defense built on the Cloud Service Platform, a modern and scalable platform built for a future of dynamic cloud-native security and networking solutions. Most customers have already migrated but there may still be a few using legacy connectors. Please ensure any use of the legacy system at (platform.activetrust.net) has been moved to the new cloud services portal (csp.infoblox.com). For developer resources please visit the TIDE and DOSSIER guide for CSP, and If you have any additional questions, please contact Infoblox Support at 888-463-6259.

Enhancement: The Security Activity Report permanently replaces the former Security Report.

Since the release of the new Security Activity Report to Infoblox Threat Defense about a year ago, the former Security Report has been retained to ease with the transition. As newer reporting capabilities have been added to the new Security Activity Report, dependence on the older report has declined and it is time to remove it.

There is no action required on your part as the former Security Report will be removed from the Cloud Services Platform menu after December 17, 2021.

Enhancement:

• Support the ability to configure DHCP server to ignore UID (Unique Client Identifier) when issuing IPv4 DHCP leases and identify DHCP clients solely based on their MAC address. For more information, see Defining Lease Times.
• New standard option codes 78, 79, 94, 146, 159, and 212 are now available in the DHCP4 option space. While these options have a record-based format, they are input as hex values and their format is partially validated. For more information, see DHCP Option Data Types.
• New System Defined DHCPv4 fingerprints are available for additional device classes and with new option number sequences. For example, new option number sequences are available for Microsoft Windows Kernel 4.0 system and Apple iOS and Mac OS X. For more information, see Configuring DHCPv4 Fingerprints.

Maintenance: The BloxOne DDI DNS container v3.1.4 addresses the following vulnerability: CVE-2021-25219. For more information, see What’s New in BloxOne DDI.

Enhancement:

• BloxOne introduces new status and message for initial deployment of non-NIOS hosts.  When deploying a non-NIOS host, you can now view its initial deployment status and message in the Platform Management section of the Manage > Host page of the Cloud Services Portal. For more information, see Viewing Host Status.
• Data Connector sends additional enriched data fields for Threat Defense Query/Response and Threat Feeds Hits logs to all applicable destinations. For more information, see Configuring Traffic Flows.
• BloxOne adds support for VMware ESXi server versions 6.7 and 7.0 for host deployment. For more information, see Supported Platforms for Hosts.

BloxOne Cloud Services Portal
BloxOne DNS
BloxOne DHCP

Feature:

• Ansible is now supported to automate DNS, DHCP and IPAM operations. Modules and sample playbooks are available on the Infoblox GitHub page at https://github.com/infobloxopen/bloxone-ansible. For more information, see Ansible Collections for Universal DDI.
• DNS IPv6 resource records are now supported in all DNS zones, providing support for dual-stack (IPv4/IPv6) applications and clients. For more information, see Creating a Primary Zone.
• DHCP objects, such as MAC addresses, networks, and host names, are now supported in Global Search. This expands the set of objects and tags available to quickly find and take action on hosts, devices, and users throughout the enterprise. For more information, see Using Global Search.
• BloxOne DDI now explicitly updates secondary DNS servers when DNS records are changed. This enables timely synchronization of zones for global DNS deployments. For more information, see Creating a Primary Zone.
• BloxOne DDI now supports the next-server, server-hostname, and bootp-file-name fields, as well as DHCP options 124 and 125. For more information, see Configuring DHCP Options.
• BloxOne DDI offers an easy method for you to migrate DHCP networks from NIOS to BloxOne. With this change, the DHCP options associated with IP space can optionally be preserved. For more information, see Copying IP Spaces.

Enhancement:

• The Cloud Services Portal now displays the previous Address/Name column of a subnet in the Address Block tab as two columns: Address and Name. This change does not affect functionality. For more information, see Configuring Subnets.

BloxOne Cloud Services Portal
BloxOne Threat Defense
BloxOne Endpoint

Feature:

• This BloxOne release introduces mobile endpoint management for iOS and Android devices. For more information, see /wiki/spaces/BloxOne/pages/9076770.
• BloxOne Endpoint supports the automatic removal of regular and mobile endpoints. For more information, see /wiki/spaces/BloxOne/pages/9078308.
• BloxOne Endpoint provides endpoint password protection against unauthorized interference. For more information, see /wiki/spaces/BloxOne/pages/9080712.
• This BloxOne Threat Defense release provides the ability to move objects to the Recycle Bin and restore the objects as required. For more information, see Recycle Bin.
• BloxOne Endpoint now supports enabling and disabling endpoints by endpoint group. For more information, see /wiki/spaces/BloxOne/pages/9078301.
• You can now easily reorder security policy precedence using drag-and-drop functionality. For more information, see /wiki/spaces/BloxOne/pages/9080818.
• This BloxOne Threat Defense release now supports click-through capability for dashboard widgets. For more information, see /wiki/spaces/BloxOne/pages/9080483.

Enhancement:

• Dossier  enhances threat investigation through threat scoring and deeper integration with Security Activity reports. For more information, see /wiki/spaces/~5f0f5ad9502ce1001d1bd220/pages/35369274.
• This release includes BloxOne Threat Defense reporting enhancements for the Cloud Services Portal. For more information, see Viewing Reports.

Feature: 

• Data import/export now supports the CSV file format in addition to JSON. For more information, see /wiki/spaces/ddiadminguidensdraft/pages/52265011.
• Infoblox now provides a software image to simplify the deployment of BloxOne hosts in Microsoft Azure Cloud. For more information, see Microsoft Azure Deployment.
• This release consists of DNS and DHCP service updates that will be applied to hosts running BloxOne DDI DNS and DHCP services.  

BloxOne Cloud Services Portal
BloxOne DNS
BloxOne DHCP
SSO Portal

Feature:

• The Infoblox SSO Portal now supports single IdP authentication for multiple domains. For more information, see Configuring IdP Authentication.
• Infoblox supports the deployment of hosts in Microsoft Azure.For more information, see Microsoft Azure Deployment.
• You can download service logs using the BloxOne API. For more information, see https://csp.infoblox.com/apidoc.

Enhancement:

• The former host type "BloxOne OVA" is now displayed as "BloxOne VM" on the Cloud Services Portal.For more information, see Viewing Host Status.
• This BloxOne release adds sub types to these host types: "BloxOne Appliance" and "BloxOne VM."For more information, see Viewing Host Status.
• BloxOne now provides high-capacity OVA packages for deploying hosts. For information, see Downloading Infoblox Apps.
• Data Connector supports sending log messages in Common Information Model (CIM) format when you configure Splunk as the destination. For information, see Setting Up Splunk.

Feature: Support for customer-provided Identity Providers using the standard SAML 2.0 interface. For more information, see What’s New in BloxOne Threat Defense and What’s New in BloxOne DDI

BloxOne Cloud Services Portal

BloxOne DNS
BloxOne DHCP

BloxOne Endpoint

BloxOne DNS
BloxOne DHCP

BloxOne DNS
BloxOne DHCP
BloxOne Ecosystem

BloxOne DNS
BloxOne DHCP