What’s New in Infoblox Threat Defense

This topic includes new features and enhancements for Infoblox Threat Defense. You can view information about other enhancements and maintenance for Infoblox products and services in the Infoblox SaaS Release Notes.

New Infoblox Portal – September 05, 2024

Infoblox is pleased to announce a significant update to the Infoblox Portal (portal.infoblox.com), featuring a modern UX refresh designed to enhance your experience and productivity. (UI updates will be available for the EU Region users in October). 

This update introduces:

Optimized Navigation Experience: Our redesigned interface offers more intuitive and seamless navigation, allowing you to find what you need faster and more efficiently through the following enhancements 

• Bespoke Lifecycles:
  • Monitoring lifecycle: This lifecycle focuses on providing business visibility through custom asset, security, and networking monitor Workspaces. These workspaces are tailored to deliver real-time insights and visualizations, helping you keep a close eye on critical metrics and system health.
  • Configuration lifecycle: Optimized to configure and deliver network services efficiently, this lifecycle follows best practices to ensure smooth and effective network management. It simplifies complex configurations, making deploying and managing network services easier.
• Improved Navigation Flows: Core task focus areas such as Security, Network, and Administration are now more logically grouped. This logical grouping streamlines your workflow, making accessing the tools and information you need easier without unnecessary clicks or searches.
• Industry-Standard Layouts: User Profile options, Account selection, and Notifications have been redesigned to align with industry standards. This redesign enhances usability and consistency across the portal, providing a familiar and user-friendly experience.

Enhanced Server and Service Deployment Management Workflows:

• Universal DDI Offering: Introducing NIOS-X As-a-Service, a fully managed deployment solution that enables network protocol service delivery without the need for infrastructure investments. This new deployment type simplifies the process of delivering network services, allowing you to focus on your core business activities. 
• Dedicated Servers Section: Users of traditional services will now find virtual and physical hosts under a dedicated Servers section. This section includes our next-generation NIOS-X servers (formerly BloxOne) and our industry-leading NIOS solution, providing a comprehensive view of your deployment infrastructure.
• Manage NIOS with Universal DDI: Single pane of glass management of NIOS Grids and Members directly within the Infoblox Portal

Increased Visibility to Critical Metrics:

Stay informed on key performance indicators with our new dashboards and KPIs, designed to provide clear and actionable insights:

• Custom Workspaces: Workspaces for Assets, Security, and Networking feature custom-designed monitors crafted by our industry experts. These monitors deliver out-of-the-box real-time visualizations of critical metric summaries, allowing users to quickly assess the health of their networking and security environment. With these insights, you can take immediate action without waiting for reports or updates.
• Business KPI Ribbon: A new Business KPI ribbon provides line-of-sight visibility into critical success metrics. This feature allows users to quickly understand the positive impact of the Infoblox market-leading DDI solution in securing critical business assets, providing 24x7 highly scalable network services, and offering centralized management across both cloud and on-premises deployments.

Provide Tailored User Access with Access Views

Access Views enables users to set custom fine-grained access rules for specified users or groups and associated DDI resources.

Infoblox Endpoint releases version 2.4.16 for Windows and macOS

This release addresses an issue with statically assigned DNS servers on network interfaces. For more information about Infoblox Endpoint, see Managing Endpoint. 

BloxOne Threat Defense – August 29, 2024

Data Connector introduces BloxOne Cloud-to-Cloud SIEMs, emphasizing fully managed services with seamless integrations with third-party SaaS services.

Key enhancements in this release:

• Facilitates the setup of a Syslog destination in BloxOne Cloud.

• Facilitates the setup of automations in BloxOne Cloud.

• Facilitates the setup of an HTTP Destination in BloxOne Cloud.

For more information, see Data Connector and Infoblox Ecosystem.

Infoblox Ecosystem now offers support for automation integrations running in BloxOne Cloud, enabling the automation of Cloud-to-Cloud workflows.

BloxOne Threat Defense – August 19, 2024

To enhance Threat Defense services, Infoblox has launched a new second-level infobloxtd.com domain along with additional IP addresses, 103.80.6.120 and 52.119.41.120.

Infoblox strongly recommends that all customers update their network configuration to enable access to the new IP addresses, the second-level domain, and all its subdomains. Infoblox plans to launch services utilizing these IP addresses and hostnames under infobloxtd.com by mid-September 2024.

Data Connector introduces additional event field options for Atlas Notification settings.

This update introduces a refined traffic flow widget in the Cloud Services Portal that allows users to choose subtypes and event fields seamlessly. For information, seeCreating Traffic Flows.

BloxOne Threat Defense – August 14, 2024

Data Connector introduces additional event field options for Audit Log settings.

This update introduces a refined traffic flow widget in the Cloud Services Portal that allows users to choose subtypes and event fields seamlessly. For information, see Creating Traffic Flows.

BloxOne Threat Defense – August 5, 2024

Infoblox launches the Infoblox Ecosystem Program.

This program includes a self-service portal, offering certified, out-of-the-box integrations with leading technology providers. The program is powered by Automations, an event-driven automation framework designed to streamline integration development. These integrations have undergone rigorous testing and validation to ensure compatibility and support by Infoblox. The program aims to help NetOps and SecOps teams automate workflows, enhance security, and improve collaboration across on-premises, hybrid, and multi-cloud environments. For information, see Ecosystem Portal.

BloxOne Threat Defense – August 2, 2024

Data Connector now supports sending logs to an HTTP destination in Splunk CIM data format.

When configuring a Data Connector traffic flow, you now have the option to choose Splunk CIM as the log message format when you configure HTTP as the destination. For information, see Setting Up HTTP.

BloxOne Threat Defense releases BloxOne Mobile Endpoint for iOS without VPN dependency.

To improve compatibility with VPN solutions, including on-demand VPN, BloxOne Mobile Endpoint for iOS will be able to use the iOS native DNS proxy framework to intercept all DNS traffic. Requirements: iOS/iPadOS 14.x and later, deployment by an MDM.For more information about BloxOne Mobile Endpoint, see Managing BloxOne Mobile Endpoint.

BloxOne Threat Defense – August 1, 2024

Infoblox introduces event selection field options for BloxOne Threat Defense DNS Query/Response log, BloxOne Threat Defense Policy Hits log, BloxOne DDI DNS Query/Response log, and Service Logs exported by Data Connector.

BloxOne Threat Defense – July 26, 2024 

BloxOne Endpoint releases version 1.0.9 for Linux Ubuntu 22

This release includes stability improvements. For more information about BloxOne Endpoint, seeManaging Endpoint.

BloxOne Threat Defense – July 24, 2024 

To enhance security, the host API keys have been deprecated. However, users can still access the BloxOne APIs using the service API keys.

For information about service API keys, see Configuring Service API Keys.

BloxOne Threat Defense – July 23, 2024 

BloxOne Endpoint releases version 2.4.10 for Windows and macOS.

This release includes stability improvements and resolves minor issues. For more information about BloxOne Endpoint, see Managing Endpoint.

BloxOne Threat Defense – July 12, 2024 

BloxOne introduces tagging enhancements that restrict tag values displayed during tag addition, application, and filtering to those currently assigned to objects. Additionally, predefined tag values can now be defined through restricted tags, instead of freeform tags. To explicitly add values to a freeform tag, convert the tag to a restricted tag first.

      For more information, see Managing Tags.

BloxOne Threat Defense – June 21, 2024 

BloxOne enhances the performance and usability of Global Search on the Cloud Services Portal, making it easier and faster for users to find what they need.

Global search includes the following enhancements:

• Users can now start a search by pressing the Enter key after entering key words.
• Quick results will display the top three relevant results.
• Users will see two groups of results: one for Exact Matches and the other for Related Results.
• Exact match results will appear within a second.
• Related results will be visible within a few seconds.
  

BloxOne Threat Defense – May 27, 2024 

BloxOne Endpoint releases version 2.4.9 for Windows and MacOS.

This release includes stability improvements and resolves minor issues. For information, see Managing Endpoint.

BloxOne Threat Defense – May 9, 2024

BloxOne Threat Defense introduces a new RPZ feed structure that provides simplicity and user-friendly feed names.

BloxOne Threat Defense for NIOS now includes a new RPZ feed structure that provides simplicity, along with user friendly names, allowing users to set the correct policies and address the growing number of available RPZs over time. With the new structure, customers can configure their policy action correctly per their risk posture and have an “at a glance” understanding of how their network is protected. This requires removing the prior configured RPZ feeds and updating them to the consolidated new RPZs. The old RPZs will be supported until December 2024, giving time for transition to the new RPZ. The old RPZs will be deprecated after December 2024. Beyond the current RPZ updates for OnPrem, the feeds on the cloud will also be updated to reflect the same feed structure around July 2024.

Configuration Guide: https://docs.infoblox.com/space/BloxOneThreatDefense/622493764/Feed+Revamp+for+NIOS.

The following NIOS RPZ feeds are available based on your subscription level.  

BloxOne Threat Defense – May 1, 2024

The default time filter in BloxOne Threat Defense reports has been updated from one hour to 24 hours.

The default time filter change applies to the following reports: DNS Activity, Security Activity, Summary Reports, Application Discovery, and Web Content Discovery. A one hour reporting option is still available, but it is no longer the default. The default time filter setting benefits our customers by improving the performance of the rendering reports.

BloxOne Threat Defense – April 12, 2024

BloxOne consolidates notifications for host-related events, optimizing efficiency and improving system performance.

When configuring BloxOne notifications, you can now choose Host Status Infra to receive important events related to the supported host metrics. The former Host State option will no longer be available. This enhancement helps improve system performance and reduce the number of notifications you will receive. For information, see Configuring Notification Delivery.

BloxOne Threat Defense – April 11, 2024

This release of the BloxOne Data Connector includes a few enhancements: relocation of the Data Connector tab from the Manage tab to the Integrations tab on the Cloud Services Portal, a new traffic flow configuration wizard, and the ability to add tags.

In addition to the relocation of the Data Connector tab from the Manage tab to the Integrations tab, other enhancements include the release of a new traffic flow configuration wizard to improve workflow efficiency and the capability to add tags to traffic flows, sources, destinations, and ETL configurations. For information, see Data Connector.

BloxOne Threat Defense – April 5, 2024

BloxOne introduces enhancements that streamline account management across multiple organizations.

The enhancements are particularly beneficial for administrators managing multiple organizations or sandboxes, simplifying the process of accessing and controlling subsidiary organizational accounts. The enhancements also overhaul the Cloud Services Portal's current account-switching feature by introducing an improved account selection menu that can handle hundreds of organizational accounts and includes a search and filter function for better organizational account management.

Additional enhancements include the following:

• Administrators managing multiple organizations can set a default account, which is automatically accessed upon the initial connection to the Cloud Services Portal after authentication.
• Administrators are able to specify favorite organizations, which are prominently displayed at the top of the account selection window/menu for quick and easy access.

For additional information, see Managing BloxOne Accounts. 

BloxOne Threat Defense – April 4, 2024

Infoblox Data Connector supports forwarding of BloxOne DHCP lease logs to a NIOS reporting destination.

Infoblox Data Connector now allows you to forward BloxOne DHCP lease logs to NIOS reporting, streamlining network administration workflows and enhancing efficiency. For more information, see Configuring Traffic Flows.

BloxOne Threat Defense – March 14, 2024

BloxOne Endpoint supports deferred deployment scheduling options. 

A new deferred deployment schedule option for BloxOne Endpoint for Windows, MacOS, and Linux is available, allowing endpoint upgrades to be postponed by the endpoint group. Deployment can be deferred for up to four weeks, with the option to select deployment day of week and time, independent of the release date. BloxOne Endpoint for iOS and Android will request and validate a user’s email during manual installation when an MDM service is not used for the deployment. This simplifies and improves user notification, compromised device tracking, access restrictions (by listing trusted domains), and general consumption. For information, see Scheduling Endpoint Group Updates.

BloxOne Mobile Endpoint validation of user email ID during manual installation (no MDM feature). 

BloxOne Moblie Endpoint adds validation of the user’s email during manual installation when an MDM service is not used for the deployment. This simplifies and improves user notification, compromised device tracking, access restrictions (by listing trusted domains), and general consumption. For information, see Deployment of MDM-less Mobile Endpoint (no MDM feature). 

BloxOne Threat Defense – March 8, 2024 

Added DNS Point of Presence - U.S. (Ohio). 

Infoblox adds PoP for DNS resolution in the U.S. (Ohio) to speed resolution, improve resiliency, and provide local resolution for organizations in that region.

BloxOne Threat Defense – February 23, 2024 

AWS S3 RPZ log export now includes three additional fields: "key," "sld," and "extra." 

RPZ logs exported to AWS S3 and the object storage service will be updated to include additional fields: "key," "sld," and an "extra" field to provide additional metadata such as username, client region and country, endpoint group, response, etc. This RPZ log export enhancement uses a different output path on the customers' S3 bucket ( / rpz_enriched / year=xxxx / month=xx / day=xx /hour=xx ). For information, see Log File Format.

BloxOne Threat Defense – February 16, 2024 

SOC Insights for BloxOne® Threat Defense enhances SOC efficiency by utilizing AI-driven analytics to effectively reduce alert fatigue and security gaps while also decreasing Mean Time to Respond (MTTR).

By distilling vast numbers of alerts into crucial insights, analysts can prioritize and address critical issues more efficiently and effectively. SOC Insights further empowers analysts with instant access to relevant network, event, and DNS intelligence, allowing for speedy, informed decision-making and accelerated incident response and threat mitigation. SOC Insights is offered as an optional feature for both BloxOne Threat Defense Advanced and BloxOne Threat Defense for BloxOne Business Cloud customers. Additionally, Configuration Insights is automatically integrated into all existing BloxOne Threat Defense Business Cloud and Advanced user accounts, offering guidance on optimal detection settings and adherence to best practices. 

Customers interested in exploring this feature can reach out to the sales team to request a trial. For information, see SOC Insights.

BloxOne Threat Defense – February 1, 2024

BloxOne Endpoint for Windows support for Join Tokens

The latest update to the BloxOne Endpoint for Windows, version 2.4.6, introduces a new authentication method using join tokens. This enhancement significantly boosts security by enabling users to control endpoint access to the Cloud Service Portal through the use of rotating tokens. Rotating join tokens help prevent unauthorized access if an install package is leaked, for example. The server side of the authentication process is designed to be backward compatible, ensuring a smooth migration. Additionally, the same join token can be utilized across endpoint deployments for Mac, Linux, iOS, and Android. For information, see Configuring Join Tokens for Endpoint

BloxOne Endpoint for Mac support for Join Tokens

The latest update to the BloxOne Endpoint for Mac, version 2.4.6, introduces a new authentication method using join tokens. This enhancement significantly boosts security by enabling users to control endpoint access to the Cloud Service Portal through the use of rotating tokens. Rotating join tokens help prevent unauthorized access if an install package is leaked, for example. The server side of the authentication process is designed to be backward compatible, ensuring a smooth migration. Additionally, the same join token can be utilized across endpoint deployments for Windows, Linux, iOS, and Android. For information, see Configuring Join Tokens for Endpoint.

BloxOne Threat Defense – January 29, 2024

The Cloud Services Portal now provides enhanced viewing and export options for service logs from the Data Connector.

• Logs from the Data Connector are now accessible for both viewing and downloading through the Cloud Services Portal.
• The Data Connector has the capability to export service logs to all supported destinations, including integration with SIEM (Security Information and Event Management) systems.

For information, see BloxOne Notifications and Configuring Traffic Flows.

BloxOne Threat Defense – January 17, 2024

BloxOne introduces the redesign of the Dossier summary and timeline page.

The updated design now presents timeline events in a clear chronological order, using a vertical format for easier reference. Additionally, the redesign includes detailed event information linked to each timeline occurrence, streamlining the process of tracking and managing events within your organization. This enhancement aims to improve the user experience and facilitate more efficient detection, monitoring, and managing of reported threat indicators. 

For information about Dossier, see The Dossier Threat Indicator Report.

BloxOne Threat Defense – January 16, 2024

BloxOne supports host deployment using generation 2 virtual machines on Hyper-V/Azure.

BloxOne now supports generation 2 VMs when you deploy BloxOne hosts in Microsoft Azure. For more information, see Microsoft Azure Deployment.

BloxOne supports adding host tags associated with the Cloud Services Portal during BloxOne host deployments.

When you deploy a BloxOne host, you can add a host tag to the "userdata" file to associate the host with the Cloud Services Portal. For more information, see YML and JSON Templates.

BloxOne supports firmware updates on Dell VEP-1425, Dell VEP-1485, and Infoblox B1-212 hardware appliances.

To upgrade the firmware on Dell VEP-1425, Dell VEP-1485, and Infoblox B1-212 appliances, you can now download firmware upgrades and apply a firmware upgrade script via the debug CLI or a USB flash drive. For more information, see Updating Firmware on Hardware Appliances.

BloxOne host deployment on Google Cloud Portal (GCP) now supports IPv6.

      For information, see Google Cloud Portal (GCP) Deployment.

BloxOne Threat Defense – January 5, 2024

BloxOne Endpoint for Linux support for Join Tokens

The latest update to the BloxOne Endpoint for Linux, version 1.0.7, introduces a new authentication method using join tokens. This enhancement significantly boosts security by enabling users to control endpoint access to the Cloud Service Portal through the use of rotating tokens. Rotating join tokens help prevent unauthorized access if an install package is leaked, for example. The server side of the authentication process is designed to be backward compatible, ensuring a smooth migration. Additionally, the same join token can be utilized across endpoint deployments for Linux, iOS, and Android. For information, see Configuring Join Tokens for Endpoint.

BloxOne Threat Defense – December 4, 2023

BloxOne Mobile Endpoint for Android will receive a MDM-less deployment option.

BloxOne Mobile Endpoint for Android will receive a MDM-less deployment option. MDM-less deployment will allow better support for BYOD and other non-managed corporate devices. Users can now install BloxOne Endpoint from the Google Play store and enable it by scanning a provided QR code to protect their devices. QR codes are generated based on unique join tokens, which are easy to retire and rotate. Due to significant changes in the authentication process it is recommended to deploy the application in a lab environment first to ensure it is properly understood and implemented,  and then schedule upgrades in stages. For information, see Managing Endpoint Groups and Managing BloxOne Mobile Endpoint.

BloxOne Threat Defense – December 1, 2023

BloxOne now displays all host types for hardware platforms on the Cloud Services Portal.

The Infrastructure > Host page of the Cloud Services Portal now displays B1-212 as the host type for Dell VEP appliances that are purchased from Infoblox. In addition, the "B105" hardware type is replaced by "B1-105."

BloxOne allows you to add new services directly on the Infrastructure > Host page.

You can now add services to a specific host on the Infrastructure > Host page without navigating to the Services page.

BloxOne Threat Defense – November 20, 2023

BloxOne Endpoint for Windows version 2.4.3 is updated to provide a better experience with user group-based policies that do not require re-authentication on the agent. This release of BloxOne Endpoint for Windows and for MacOS version 2.4.3 also contains bug fixes.

For information, see Managing Endpoint Groups.

BloxOne Threat Defense – November 15, 2023

BloxOne Mobile Endpoint for iOS will receive a MDM-less deployment option.

MDM-less deployment will allow better support for BYOD and other non-managed corporate devices. Users can now install BloxOne Endpoint from the Apple App store and enable it by scanning a provided QR code to protect their devices. QR codes are generated based on unique join tokens, which are easy to retire and rotate. Due to significant changes in the authentication process it is recommended to deploy the application in a lab environment first to ensure it is properly understood and implemented, and then schedule upgrades in stages. For information, see Managing Endpoint Groups and Managing BloxOne Mobile Endpoint.

BloxOne Threat Defense – November 4, 2023

BloxOne Endpoint version 1.0.6  supports Ubuntu 20.x and RedHat 8.x distributions, in addition to Ubuntu 22.x. 

For information, see Linux Client Application Deployment.  

BloxOne Threat Defense – November 2, 2023

BloxOne introduces usability enhancements to global search and local search on the Cloud Services Portal.

The global search and local search enhancements include the following:

• Global search input functionality updates
• Local search bar and filter updates
• New page header design and icon size and placement updates

For information, see Using Global Search and Using Local Search.

BloxOne Threat Defense – October 20, 2023 

BloxOne introduces a new table view to the Hosts, Services, Monitoring, Locations, and Templates tabs on the Manage > Infrastructure page of the Cloud Services Portal.

In addition to the card and map views, you now have the flexibility to view and manage the data of hosts, services, monitoring, locations, and templates in a table format on the BloxOne Infrastructure page.

BloxOne introduces a new table view to the Audit Logs, Service Logs, and Security Logs tabs on the Administration > Logs page of the Cloud Services Portal.

In addition to the card view, you now have the flexibility to view and manage the data of audit logs, service logs, and security logs in a table format on the BloxOne Logs page.

BloxOne Threat Defense – October 6, 2023 

BloxOne Threat Defense enhances full audit logging by adding details of Create, Update, and Delete (CUD) operations.     

Enhanced audit logging track changes in security policies, custom lists, application/category filters, BloxOne Endpoint/BloxOne Endpoint group settings, and more. For more information, see Viewing Audit logs.

BloxOne lookalike domain management includes suggested domains for monitoring. 

A maximum of 25 suggested lookalike domains can be added to a custom lookalike watch list for monitoring.  For more information, see Viewing Custom Watched Domains and Adding Suggested Lookalike Domains.

BloxOne Threat Defense – October 5, 2023

Infoblox BloxOne bare-metal deployment now supports Red Hat versions 7.9, 8.7, 8.8, 9.1, and 9.2.     

For more information, see Bare-Metal Deployment.

BloxOne Threat Defense – September 27, 2023

Infoblox supports the deployment of BloxOne hosts in Google Cloud Platform.     

You can now deploy BloxOne hosts on Google Cloud Platform using Infoblox-provided GCP package you download from the Cloud Services Portal.  For more information, see Google Cloud Portal (GCP) Deployment.

Infoblox supports the deployment of BloxOne hosts on Containerd Environments.

You can now deploy BloxOne hosts on Containerd environments  using Infoblox-provided BloxOne Install packages you download from the Cloud Services Portal. For more information, see Bare-Metal Deployment.

Infoblox TIDE introduces new sizing guidelines for Custom RPZ feeds.

Infoblox TIDE introduces new sizing guidelines for Custom RPZ feeds. Newly created custom RPZs are limited to a maximum of 6 million records. This limit includes all available feeds, such as Infoblox-curated data, Infoblox’s third-party data, and any uploaded data you provide. A new sizing indicator displays the number of records contained within a custom RPZ feed. Custom RPZ feeds created prior to the introduction of the new sizing guidelines will not be impacted by the new sizing guidelines, although no new records can be added. For information, see Sizing Guidelines for Custom RPZ Feeds.

For information, see Sizing Guidelines for Custom RPZ Feeds.

BloxOne Threat Defense – September 26, 2023

BloxOne enhances the Log Export feature to include additional metadata in the BloxOne Threat Defense DNS response logs.

DNS response logs are exported in parquet format. Exported parquet-files include the following additional columns: 'key', 'sld' and column 'extra' get additional fields: 'sld', 'pname', 'pdisplay_name', 'domain_applications', 'qname_norm', 'client_country', 'client_continent', 'event_date', 'response_continent', 'response_region', 'response_country', 'application', 'egress_ip', 'device_name', 'device_ip', 'domain_categories', 'network', 'record_type', 'query_type', 'response', 'user_name', 'endpointgroups'. 
If you have any questions about the enhancement, please contact your account team or open a support ticket.

For information, see Exporting Logs.

BloxOne Threat Defense – September 1, 2023

You can now set up BloxOne sandboxes as test environments.

If your business requires a separate BloxOne test environment, you can purchase a BloxOne sandbox and set it up for testing purposes. For more information, see Managing Sandboxes.

BloxOne Threat Defense – August 24, 2023

BloxOne lookalike domain management now supports the monitoring of up to 25 custom-watched domains.

The maximum number of custom lookalike domains that can be monitored has been increased from 10 to 25.  For information, see Custom Lookalike Domain Monitoring.

BloxOne Threat Defense – August 22, 2023

The following BloxOne Threat Defense RPZ feeds have been deprecated and are no longer available for BloxOne Threat Defense or for On-Prem DNS Firewall: SURBL Fresh Domains, SURBL Multi Domains, and SURBL Multi Lite Domains.

It is recommended that you add the following feeds in place of the deprecated feeds:

• NOED, with the same policy rules originally selected for SURBL Fresh
• Suspicious Domains with one of the policy actions to Block, if available based on subscription level.
• Suspicious Lookalikes with one of the policy actions to Block, if available based on subscription level.
• Suspicious NOED with one of the policy actions to Block, if available based on subscription level.
  

For information, see Recommended Feed Configuration to Replace the SURBL Feeds.

BloxOne Threat Defense – August 17, 2023

BloxOne Threat Defense adds direct linked access from the dashboard charts to the chart source data to better facilitate threat investigations.

Direct linking of the dashboard charts to their source data allows for drilling deep down into their source data. This enhancement offers improved usability of the dashboard charts for tasks involving investigation and workflows by offering the convenience of pivoting between the charts and their underlying data. For information, see Viewing the Dashboard. 

BloxOne Threat Defense – August 16, 2023

You can now transfer services from one BloxOne host to another.

The ability to reassign or transfer a service from one host to another is useful in situations where you need to update your network infrastructure or retire a BloxOne host. For information, see Editing General Service Information.

BloxOne Threat Defense – August 14, 2023

BloxOne Introduces notification enhancements to improve usability.

BloxOne notification includes the following enhancements:

• When you click Notifications on the left navigation panel of the Cloud Services Portal, you can view personal notifications generated for your user account.
• You can click the notification icon at the top of the left navigation to view the 30 latest notifications in the New Notifications panel. The number displayed on the icon indicates the number of notifications you have received within the last three days. 
• You can choose the types of personal notifications you would like to receive. Individual settings do not affect the global or admin settings for other users.

For information on BloxOne notifications, see Infoblox Platform Notifications.

BloxOne Threat Defense – July 28, 2023

The BloxOne Application Discovery Report receives a makeover, enhancing user experience and providing more valuable insights into application usage within your network.

Updates to the Application Discovery Report introduce a refreshed look-and-feel, including new page headers and the ability to view historical data on the All Applications page for Approved and Unapproved application states. Application Discovery is available to BloxOne Threat Defense Advanced subscribers. For information, see Application Discovery. 

The Notional Threat Insight List (TI-DNST) provides users with information about DNS Tunnels in their early stages, not yet fully classified as malicious. 

The Notional Threat Insight List detects DNS Tunnels in their preliminary phases before they reach a fully malicious status. This list operates with a default action of Allow-With Log. Since the tunnels are not yet conclusively identified as fully malicious, blocking them outright could lead to false positives. Organizations can modify the  default action to "Block" if their risk tolerance or organizational needs dictate.

BloxOne supports CISA Protective DNS encrypted DNS service. 

For Federal accounts, BloxOne  supports CISA Protective DNS, a secure and compliant server configuration utilizing encrypted DNS protocols (DNS-over-HTTPS or DNS-over-TLS).  Encrypted resolvers must be used when communicating with upstream DNS resolvers in adherence to to OMB memorandum M-22-09. For information, see Configuring DNS Forwarding Proxy to Use Encrypted DNS Protocols.

BloxOne provides new service KPI metrics for DNS Forwarding Proxy. 

Two new service KPI metrics have been introduced for DNS Forwarding Proxy: DFP Service Status and DFP Service Queries per Second.  

Infoblox SSO Portal now supports Google Authenticator for multi-factor authentication, in addition to Okta Verify.

You can now choose Google Authenticator, in addition to Okta Verify, as the authentication method when you configure multi-factor authentication for your Cloud Services Portal users who have an email domain that matches the selected domain name. For more information, see Activating Multi-Factor Authentication.

Retirement of TIDE RPZ threat feeds entitlements.

The following feeds are being retired from TIDE service:

• ExploitKit_IP
• Ext_ExploitKit_IP
• Ext_TOR_Exit_Node_IP
• NCCIC_Host
• NCCIC_IP

BloxOne Endpoint version 2.4.0 release. 

BloxOne Endpoint 2.4.0 contains minor bug fixes and collects additional metadata (serial numbers) on Windows and Mac OS devices. For information, see Managing BloxOne Endpoint. 

BloxOne Endpoint introduces a revamped endpoint management interface possessing additional endpoint properties and functionality.

The BloxOne Endpoint management page has been enhanced with additional endpoint properties (hostname, username, OS, location, and more) and additional functionality on a dedicated page which can be shared using its unique URL. A new property endpoint's public IP address was also included as part of this enhancement. For information, see Viewing Endpoint Devices and Viewing Mobile Endpoint Devices.

The default block and allow custom lists now allow editing of domains, IP addresses, and tags. 

The default customer configuration now includes default Allow - No Log for the custom allow list and Block - with Log for the custom block list. These lists are included in the default policy for new and existing customers. For information, see Custom Lists. 

BloxOne Threat Defense – July 20, 2023

BloxOne Endpoint is available for deployment on Linux (Ubuntu 22).

BloxOne Endpoint can now be downloaded for Linux Ubuntu 22 from the downloads page in the Cloud Services Platform (administration > downloads). For information, see Deploying Endpoint for Linux.

BloxOne Threat Defense – July 11, 2023

You can now put a host in maintenance mode to perform necessary maintenance. 

In situations where you need to initiate maintenance on a host such as upgrading the OS, rewiring the host, or changing the location of the host, you can put the host in maintenance mode. When a host is in maintenance mode, you will not receive any notifications of host activities. However, you can continue to deploy services and perform configurations on the host. All host and service configurations are not affected during the maintenance mode. To resume notifications, you must manually stop maintenance mode on the host. For information, see Using Maintenance Mode for Servers.

BloxOne Threat Defense – July 10, 2023

New Threat Insight deduction method ensures domains reported in RPZs are added for monitoring. 

The issue regarding the detection of DNS Tunneling events not being detected when using a filter with all categories and the action set to Allow-Log has been resolved. To remedy this issue, the check for a domain being part of an RPZ has been removed from the filtering process. This change allows the reported domains to correctly go through the Threat Insight deduction process. In the Cloud Services Portal, you can view the domains that have undergone Threat Insight deduction in the Threat Insight report section of the Security Activity report (Reports > Security Activity > Threat Insight). To make it easier to see the applied action filtering, a new column called Action has been added to the Threat Insight report. This column allows you to monitor the actions applied to reported domains based on precedence, ensuring protection. For more information, refer to the Threat Insight Report. For information see, Threat Insight Report.

BloxOne Threat Defense – July 03, 2023 

BloxOne Notifications has a new data type for Data Connector

You can provision Data Connector to deliver Cloud Services Portal event notifications such as CPU utilization, new feature announcements, and more, to a SIEM destination. For information, see BloxOne Notifications.

You can now query host statuses using the BloxOne API.

BloxOne provides the "statuses" API call, so you can query host status, platform service status, and protocol service status. For more information, see Querying Server Statuses Using the API.

BloxOne Threat Defense – June 26, 2023

Infoblox supports the deployment of hosts on Hyper-V enabled Windows Server.

You can now deploy hosts on Hyper-V enabled Windows Server using Infoblox-provided VHD packages you download from the Cloud Services Portal. For more information, see VHD on Hyper-V Enabled Microsoft Server Deployment.

BloxOne Threat Defense – June 17, 2023

BloxOne introduces Historical Data Reporting for the DNS Security and the Security Activity reports.

The historical data reporting feature affords the ability to search up to 60 days of cloud reporting data. The new historical data viewer will retrieve older data and allow you to view it within your activity reports. For information, see DNS Activity Historical Data Report and Security Activity Historical Data Report.

BloxOne Threat Defense – June 14, 2023

On May 18, 2023, Infoblox removed the ability to view legacy API keys as part of the process of deprecating these keys (which were replaced by the new API keys in February 2021). Since then, Infoblox identified a set of customers that are still using the legacy API keys. To provide all customers with the best possible experience and support while we complete the transition to the new API keys, the legacy API keys will remain visible and active until the end of July 2023.

BloxOne Threat Defense – June 9, 2023

When you perform a local search in the Manage > Infrastructure section, you can view all the objects on the specific tab (such as the Hosts or Templates tab) based on your filtering criteria; and you can page through the results. This applies to the Hosts, Services, Monitoring, Templates, and Location tabs.

You can now use Global Search to find template objects by Name, Description and Tags.

BloxOne Threat Defense – May 31, 2023

BloxOne adds new naming conventions for Threat Classes and Threat Families algorithm detections.

The following Threat Classes and Threat Family names are being updated. The renaming primarily impacts the Security Activity Report and Insightful Reporting.

• Security Activity Report: Both the new and old tclasses will appear in the Security Activity Report for the next month. Historical data will not be updated. 

• Insightful Reporting.

BloxOne Threat Defense – May 18, 2023

You will no longer be able to view legacy API keys on the Cloud Services Portal. The legacy API keys are also not supported in API calls.

BloxOne Threat Defense – May 9, 2023

BloxOne Endpoint version 2.3.11 contains a few fixes and enhancements.

• This release fixes a rare occurrence when Endpoint for MacOS doesn't switch to the protected state after coming back from the "sleep" state.

• A configuration issue has been fixed if the DNS bypass probe domain is included in an internal domain list.

• Cleaning up temporary files and folders after an upgrade.

• Updated Infoblox branding.

Data Connector supports audit logs transfer to SIEMs for improved reporting to existing reporting systems. 

Data Connector supports the transfer of BloxOne audit logs to SIEMs (Splunk, Splunk Cloud, Syslog in CEF/LEEF formats), as well as Infoblox Reporting. This enables the integration of audit logs with existing monitoring and reporting systems, enhancing visibility and enabling better security and compliance management. For information, see Configuring Traffic Flows.

BloxOne Threat Defense – May 2, 2023

BloxOne delivers the following Dashboard enhancements: interactive legends, enhanced tooltips, chart selection options, and top threat classes filter and zoom flexibility.

• Interactive Legends: You can easily filter data elements in the legend and dynamically update charts to display the data most critical to you.
• Enhanced Tooltips: Smooth scrolling and intuitive display of the data points across the X & Y axis as you hover through dashboard charts and data series.
• Chart Selection Options: - Toggle between bar and area chart options to select the ideal display for your selected data set.
• Top Threat Classes Filter and Zoom Flexibility:  You can easily zoom in to explore and focus on smaller segments of the treemap for the Communication Threat Class and Remote Targets widget–updated with the ability to select and highlight individual segments.

For information, see Viewing the Dashboard.

BloxOne Threat Defense – April 22, 2023

BloxOne supports DNS over TLS (DoT) in BloxOne Cloud to ensure the highest level of security provided to our customers using third-party DNS resolvers to directly communicate with BloxOne Threat Defense Business and Advanced subscription accounts.

Infoblox has enabled an encrypted DNS over TLS resolver (DoT) globally on threatdefense.infoblox.com, Anycast IP addresses, and in every point of presence. For information, see Configuring DNS Forwarding Proxy Settings.

The Web Content Discovery report has a new look with additional pivot capabilities and key trending data built into the interface.

Web Content Discovery is available to subscribers of BloxOne Threat Defense Advanced. For information, see Web Content Discovery.

Summary reports introduce the set up and automatic delivery of the Executive Summary and Comprehensive security reports at a set time, delivered directly to your email inbox. For information, see Summary Reports.

BloxOne Endpoint supports updated automatic inactive endpoint removal settings to support faster cleanup of unused endpoints.

The minimum interval is set to 15 days and the default value was updated to 100 days. The default value is also applied for endpoint groups with an undefined value (shown as 0 days on the Cloud Services Portal). For information, see Automatic Removal of an Endpoint After a Period of Inactivity

BloxOne security policy management can now be enabled for endpoint devices using the following metadata types: device operating system name and/or version, device hostname, and device country based on the geolocation of its IP address.

For information, see Configuring Network Scopes and Managing Endpoint..

BloxOne Threat Defense – April 20, 2023

Infoblox BloxOne continuously synchronizes account names with corporate names. If your account name changed over the last few years, the name displayed on the Cloud Services Portal might change. This does not have any other implications on your account: Your configuration and data stay the same.

BloxOne Threat Defense – April 19, 2023

BloxOne introduces a location feature you can use to associate hosts with a specific location.

The location feature is useful when you want to group multiple hosts by geocoded address and be able to later identify the hosts by their location. For information, see Managing Locations.

BloxOne Threat Defense – April 18, 2023

BloxOne Threat Defense adds a new standalone threat and RPZ feed: NOED feed.

The NOED feed consists of newly created domains, some of which may not be inherently suspicious. However, monitoring traffic to these domains may be advisable since there is a low likelihood of their being visited under normal circumstances which raises the possibility of their being used for potentially nefarious purposes. For information, see Viewing Active Threat Feeds and Threat Insight.  

BloxOne Threat Defense – April 17, 2023

The BloxOne Lookalike Domains Activity report has undergone a comprehensive overhaul and redesign to optimize the organization and accessibility of data. Lookalike events are now grouped in a structured and logical manner based on specific criteria associated with the target domain, including the total count of lookalike domains, the total number of custom watched domains, and the total number of threat lookalikes. This enhancement ensures that the report provides a more practical, informational, and user-friendly experience for users.

        For information on lookalike domain monitoring, see Custom Lookalike Domain Monitoring.

BloxOne introduces a monitoring feature you can use to integrate with your monitoring tools to obtain host metrics.

When you set up a monitoring configuration, BloxOne uses APIs on the associated hosts, so your monitoring tools can query host metrics and health status based on the configured authentication method. For information, see Monitoring NIOS-X Server Metrics.

BloxOne increases serviceability by introducing host service logs.

On the Cloud Services Portal, you can now view host service logs on the Manage > Infrastructure > Hosts tab by accessing General Information > Logs of a chosen host. For information, see Viewing Server Logs.

BloxOne now supports VLAN Interfaces when you configure the IP settings for a host.

You can now set up VLAN interfaces when deploying a host if you want to virtualize your network infrastructure. For information, see Setting IP Interfaces.

BloxOne Threat Defense – April 3, 2023

The following BloxOne Threat Defense RPZ feeds have been deprecated and are no longer available for BloxOne Threat Defense or for On-Prem DNS Firewall.

• Spambot_IP 

• Bot_IP

        For information on available feeds, see Supported Threat Intelligence Feeds and Licensing and Subscriptions.

BloxOne Threat Defense – March 30, 2023

Infoblox introduces the new Routing page on the Cloud Service Portal.

BloxOne routing improves the flexibility, scalability and performance of routing by separating it from the Anycast service into new BGP, OSPF, and RIP services who are entitled for Anycast. If you are not currently using Anycast, you will see the new Routing page immediately, and no action is required on your part. If you are currently using Anycast, Infoblox Support will be contacting you to arrange the migration of your Anycast configuration to these new services. For information, see Configuring Routing.

Infoblox BloxOne bare-metal deployment now supports Ubuntu 22.04.

With this release, Infoblox BloxOne supports Ubuntu 22.04 and will continue to support Ubuntu 20.04 and 18.04. BloxOne will however stop the official support of Ubuntu 16.04.

BloxOne Threat Defense – March 6, 2023

Infoblox introduces the new Infrastructure page on the Cloud Service Portal. BloxOne Infrastructure provides the separation of infrastructure and services. It integrates status, metrics, and logs into a common viewer, so you can peruse consolidated information about your host infrastructure and services. Your current deployment will automatically migrate to the new Infrastructure page. No action is required on your part.

The following is a list of changes:

• Introduction of the new Manage > Infrastructure page within BloxOne that replaces the Manage > On-Prem Host page. The new page includes tabs for Hosts (new), Join Tokens (existing page - same functionality), Services (new - this is a complete set of deployed services on hosts), and Templates (new).

• The Manage > On-Prem Host page will be removed.

• New viewer for hosts and services accessible through the General Information link on Hosts or Services. The viewer presents detailed information about a specific host or service, including network configuration, status, notices (if any), metrics (for a period up to 30 days), and logs (for a period up to 30 days).

• The separation of networking using interface labels makes separating duties between host management and service management much easier.

• While service configurations reside where individual pages are in the Manage menu, you can refer to the configurations in Manage > Infrastructure > Services instead of associating the configurations with hosts. This allows for easier redeployment of the service when infrastructure has to be replaced.

• Simplification of status with dedicated status for host and service instead of mixing the two together (this means no more “Review Details” status).

• Advanced filtering is available separately on Hosts and Services (for example, you can use filters to find all services that are not online or all DHCP services across all hosts).

• Adjusted the service deployment dialogs.

• Host deployment works the same way as the On-Prem Host page by using a join token for virtual and customer-provided physical appliance or a serial number for Infoblox-provided physical appliance. Detailed configuration is adjusted to work with advanced interface labels.

• Use the new Template functionality to capture a snapshot of the service deployment of a host and apply the same service deployment to multiple hosts (for example, you can use one template and apply it to seven offices or use the same deployment for 263 stores). 

• Support of multiple interfaces on hosts will enable several dedicated network interfaces on each host. Services (DHCP, DNS, DNS Forwarding Proxy, Data Connector, NTP) can be deployed using a specific interface, which can differ between services. This allows individual services to work within separate networks.

• Support for alternative network connections between a host and the Cloud Services Portal. Two or more interfaces can be configured as WAN connections to the Cloud Services Portal. Priority of connections is supported for cost and performance reasons.

• Display of hosts in a map view based on the NatIP address of the host will provide a better understanding of the infrastructure deployment around the world and could help identify region-based issues.

BloxOne Threat Defense – February 18, 2023

BloxOne Threat Defense supports a preferred PoP selection.

Infoblox uses dynamic routing and global server load balancing to provide connectivity to points of presence (PoP). In most cases, automatic PoP selection works perfectly for all customers; however, sometimes third-party service providers make updates that affect PoP selection, which changes DNS resolution and affects the performance of other SaaS services. With this release, you will be able to define preferred PoP per DNS Forwarding Proxy (DFP) and Endpoint Group. DFP and BloxOne Endpoint must be able to communicate with PoPs directly by listed IP addresses and hostnames. Please adjust your firewalls configuration accordingly. For information, see BloxOne Endpoint.

BloxOne Threat Defense supports Web Content Discovery.

Web Content Discovery is a new feature of the BloxOne Threat Defense Advanced package. It assists organizations in identifying high-risk activities in use across their networks, by whom and by which device. The new report identifies all known web traffic by category and identifies specific categories associated with a higher risk to organizations. For information, see Web Content Discovery. 

BloxOne Threat Defense adds new and updated detection algorithms.

The BloxOne Threat Defense "Security-Activity" report now includes “Threat Family” in the "Threat Insight" detection report. It incorporates improved detection algorithms and protection from DGA (Domain Generation Algorithm), DDGA (Dictionary Domain Generation Algorithm), and DNST (DNS Tunneling) attacks. Additional algorithm enhancements include the ability to capture misconfiguration issues in customer environments and capturing Suspicious and Phishing Lookalike domains in customer traffic. For information, see Security-Activity Threat Insight Report. 

BloxOne adjusts the date range for DNS Activity and Security reports to a maximum of 31 days.

Infoblox adjusts the date range for DNS Activity and Security reports to a maximum of 31 days. Subscription customers for BloxOne Threat Defense Business On-Premises, Business Cloud, and Advanced will continue to have access to these reports for up to 31 days to provide visibility into recent DNS or security activities. For longer-term reporting needs, the Data Connector (DC) service is available for exporting data into third-party tools that offer storage beyond 31 days (e.g. SIEMs that are better suited for historical data storage and searching). For more information on Infoblox integrations with ecosystem partners, visit the Ecosystem Integration with SIEM page on Infoblox.com.

Infoblox will conclude the support of Data Connector-based Threat Insight on May 5, 2023.

On May 5, 2023, Infoblox will conclude support of the configuration that delivers Threat Insight using the Data Connector (DC). This only impacts customers who use both BloxOne Threat Defense (Advanced or Business licenses) along with NIOS appliances that are connected to the Infoblox Cloud via the DC. This does not affect self-contained versions of on-prem Threat Insight on NIOS platforms or cloud-only versions of Threat Insight. A very small number of Infoblox customers utilize configurations that use the Data Connector Threat Insight, therefore; continued support is no longer practical. In preparation for this change, Infoblox will no longer store internal authoritative DNS queries in the Infoblox cloud for customers sending such data via the Data Connector. Internal queries are not required for Data Connector, Threat Insight or any other supported uses. As a result, this end of support is unlikely to impact Threat Insight. After February 18, 2023, there will be no change to the network or configurations. After May 5, 2023, calls for support will no longer be accepted for this configuration. As such, we recommend discontinuing this configuration as soon as possible to preserve resources for your on-prem appliance and network. If your deployment uses this configuration, please reach out to your Customer Success Advocate (CSA) to discuss options for transitioning to a supported, more dynamic, and reliable configuration.

BloxOne Threat Defense – February 17, 2023

BloxOne Threat Defense changes to combination feeds. 

The combination RPZ feeds (high_block, high_log, med_block, med_log, low_block and low_log) will be changed for maintenance purposes. There may be minor but noticeable changes to the number of indicators available in each feed.

BloxOne Threat Defense – February 16, 2023

Data Connector supports filtering expressions and additional filter types for DNS security logs.

• By using filtering expressions, you are able to specify which traffic should be passed on and which should be dropped.
• DNS security logs can be filtered by new fields/properties: threat level, threat confidence, threat class, threat property, policy action, and feed name (custom list name).

   For information, see Data Connector. 

BloxOne Threat Defense – February 10, 2023

BloxOne introduces a new debugging CLI, so you can troubleshoot issues related to cloud connectivity and on-prem host deployment. 

Through the Device UI, you can enable or disable a secure terminal connection on port 2022 between your BloxOne host and the newly implemented debugging CLI. When you experience issues related to cloud connectivity or BloxOne platform image deployment, you can troubleshoot those issues through the debugging CLI. 

The Cloud Services Portal introduces the “Upcoming Releases” section that displays feature announcements for upcoming BloxOne releases.  

In addition to “What’s New,” the landing page of the Cloud Services Portal now includes an “Upcoming Releases” section that displays upcoming feature announcements for future BloxOne releases.

BloxOne Threat Defense – January 31, 2023

BloxOne supports dynamic policies using tags and metadata.

• Policy scope can be defined using tags for DNS Forwarding Proxy, Endpoints, Endpoint Groups, IPAM networks, individual IPs, IPAM Host objects, and ranges. Policy scope for Endpoint can be defined using metadata for operating systems and endpoint version.

• Policy rules can be defined using tags for custom lists as well as application and category filters. 

For information, see Configuring Network Scopes. 

BloxOne Threat Defense deprecation of ANY type of DNS requests.

This enhancement provides additional protection against Amplification/Reflection attacks. BloxOne Threat Defense will respond with NOTIMP to such requests. If you see such traffic in your network (DNS Activity report), it could indicate that it was compromised by a botnet/malware. For information, see DNS Activity Report and DNS Hits. 

BloxOne Threat Defense – January 20, 2023

BloxOne adds system-level support logging for endpoint devices.

The Infoblox support team has the option of obtaining endpoint logs from active devices for troubleshooting purposes. Relevant audit logs would be logged for such actions.

BloxOne Threat Defense – January 16, 2023

Application filtering now includes an additional 18 new applications. 

For a list of all the new applications available for filtering or for the inclusion of other applications for filtering, please contact Infoblox Technical Support or your Customer Success Manager. 

BloxOne Threat Defense – January 14, 2023

BloxOne Threat Defense adds two new standalone threat and RPZ feeds: Suspicious Lookalikes feed and Suspicious NOED feed.

• Suspicious Lookalikes feed: This feed includes domains that appear to impersonate other trusted domains but have also demonstrated enough abnormal behavior to warrant concern.
• Suspicious NOED (Newly Observed Emergent Domains) feed: This feed includes high-risk, newly active domains. These domains have only recently become active and share one or more characteristics with other known malicious domains to warrant concern.
  For information, see Viewing Active Threat Feeds and Threat Insight
  

BloxOne Threat Defense supports the addition of a large set of "general" lookalike domains for monitoring.

The Lookalike Domains feature now allows users to select from a large set of popular domains. This is in addition to the ten custom watched domains already provided. This allows monitoring of far more than the original limit of ten watched domains.  In addition, the limitation for target domain length has been decreased to three letters, down from five letters. For information, see Custom Lookalike Domain Monitoring.

BloxOne now allows the addition of large subnets for custom lists.

IPv4 subnets from /8 to /32 and IPv6 subnets from /32 to /128 are now supported. For information, see Creating Custom Lists.

BloxOne Threat Defense – January 13, 2023

Displaying a list of announcements, instead of only the most recent announcement, for new BloxOne releases on the Cloud Services Portal.

In previous releases, the landing page of the Cloud Services Portal displayed new feature announcements only for the most recent BloxOne release. It now displays a list of feature announcements for the past 30 days. This helps you keep track of all BloxOne product releases within the Cloud Services Portal without having to visit a separate website.

BloxOne Threat Defense – January 9, 2023

Dossier Summary Report now includes a screenshot image of queried domains.

With the implementation of the Dossier domain image feature, it is now possible to view a potentially dangerous domain without visiting it. Visual examination of a target domain can dramatically cut down on research time. For information, see /wiki/spaces/~5f0f5ad9502ce1001d1bd220/pages/9077778.

BloxOne Threat Defense – January 6, 2023

Category filters adopt a "tree-like" design structure similar to application filters.

With the implementation of an updated design, category filters and their associated subcategories are easier to navigate and to use from within the Cloud Services Portal. For information see Creating Category Filters

BloxOne Threat Defense – December 2, 2022

On the Cloud Services Portal, the configuration of global NTP settings is now under Manage > NTP. This function was previously under Manage > On-Prem Hosts.

For information, see Configuring Global NTP Settings.

BloxOne Threat Defense – November 23, 2022

BloxOne supports streamlined record filtering for viewing, analyzing, and downloading of service logs.

A revamped service logs page provides the ability to filter log records based on timestamp, log type, and host. Filtered results can be viewed on the page or downloaded in CSV format. Filtering criteria can be saved for re-use. For information see Viewing Service Logs.

BloxOne Threat Defense – November 12, 2022

BloxOne supports policy scopes based on external and internal networks allowing overlapping/inclusion of the scopes defined in other policies.

Policy precedence defines which policy will be chosen. For example, you can define a strict policy with higher precedence for infrastructure devices (e.g., routers) which are located in the same subnet with employees. For information see Configuring Network Scopes and Configuring External Networks. 

BloxOne security policy actions support the following DNS response TTL enhancements.

• Policy actions “Block - Redirect” and “Block – Custom Redirect” now set the DNS response TTL to 10 seconds. Previously, the TTL was set to 0.
• Policy action “Allow with Log” will not modify the DNS Response TTL. Previously, the TTL was set to 0.

BloxOne application discovery supports two new, default application filters: All Approved Applications and All Unapproved Applications.

Using the new filters, an application can be assigned an approved or unapproved status. Application status can be viewed on the Application Discovery summary page. This feature is available to BloxOne Threat Defense Advanced subscribers. For information on application discovery, see Viewing Applications. 

BloxOne lookalike domain management adds a suspicious flag to domains reported as being malicious or suspicious.

A suspicious flag has been automatically added to the DNS Activity and Security Activity reports to indicate malicious and suspicious domains. Flagged domains are added to a custom list automatically, providing an organization the option of automatically adding them to a custom configured block/log list. For information see Custom Lookalike Domain Monitoring.

BloxOne access authentication supports a configurable sign-out session page for authenticated users.

Authenticated users can sign out of a session from the same captive portal page. For information see Managing Access Authentication. 

BloxOne Threat Defense – November 4, 2022

BloxOne enhances your monitoring solution by providing an API in the cloud that you can use to query current metrics.

You can now integrate the BloxOne on-prem solution with your monitoring tools by using the newly implemented API to query current metrics of the infrastructure and services deployed on your hosts. Supported metrics include host CPU, memory, storage, port metrics, and protocol metrics. For more information, see https://csp.infoblox.com/apidoc.

BloxOne Threat Defense – November 1, 2022

Dossier integration for the Emerging Threats threat feed by Proofpoint (ETPro).

Integration with ETPro data when using a customer-provided Proofpoint API key provides a unified threat view of their threat ratings alongside the other rich threat Intelligence available within Dossier. For information, see /wiki/spaces/~5f0f5ad9502ce1001d1bd220/pages/9077778.

BloxOne Threat Defense – October 21, 2022

BloxOne Threat Defense supports Application Discovery.

Application Discovery allows you to see many of the applications used within your environment. Using DNS-based traffic patterns and detection signatures created by the Infoblox Threat Intelligence Group, many applications can be observed and associated with your protected assets. Because this is DNS-based, it automatically works for all the assets protected by BloxOne Threat Defense. The new interface (found under Reports) allows you to choose what applications are part of your supported standards and which applications are not. While the complete list of applications is extensive, many categories of applications are supported, including the following categories; business, personal storage, search engines, email, remote connectivity, video conferencing, data storage, and marketing services. By tracking applications, you gain better visibility into Shadow IT and applications with increased risk, such as unmanaged cloud storage providers. Increased visibility and compliance are just another part of BloxOne Threat Defense. Note: Check the interface regularly, as we will add new application detections over time. Not all applications that can be detected can be blocked in a security policy. Feedback on a specific application detection can be given within the Dossier screen.

Application Discovery is available to BloxOne Threat Defense Advanced subscribers. For information, see Application Discovery.

BloxOne Threat Defense – October 20, 2022

The BloxOne platform supports basic HTTP authentication for REST API.

Basic authentication provides the ability to use authentication credentials in the form of a CSP API key in the authorization header of the HTTP API. The API key replaces the username and password for a more secure means of basic authentication. For information, see Using Basic Authentication.

You can restart BloxOne services from the Cloud Services Portal.

In addition to starting and stopping BloxOne services, you can now restart services through the Cloud Services Portal. For information, see Enabling and Disabling Services on Hosts.

BloxOne supports importing and exporting NTP service configuration data.

You can now import and export NTP service configuration data through the Cloud Services Portal. For information, see NTP Service Configuration (ntpserviceconfig)

BloxOne Threat Defense – October 18, 2022

BloxOne now provides security logs generated from supported sources, so you can monitor the security and safety of your network infrastructure.

On the Cloud Services Portal, you can now view security events generated by supported application sources and download the security logs in CSV format. For more information, see Viewing Security Logs.

BloxOne Threat Defense – October 15, 2022

Intelligent Pop Selection enabled on DNS Forwardng Proxy (DFP) and BloxOne Endpoint for AMS customers.

BloxOne Threat Defense customers (mostly AMS) have been migrated to new infrastructure supporting intelligent PoP selection. For information, see DNS Forwarding Proxy and Endpoint Management. 

BloxOne Threat Defense – September 30, 2022

Infoblox TLD Score is now included in the Dossier Threat Indicator Report summary.

The TLD score indicates the level of risk associated with a top level domain (TLD). This score along with other data presented by Dossier can help when making a decision to block or allow a remote domain. For more information, see Dossier Threat Indicator Summary Report.

BloxOne Threat Defense – September 8, 2022

BloxOne extends troubleshooting support via the Device UI to bare-metal on-prem host deployments.

For bare-metal on-prem host deployments, you can now review configuration status and download the support bundle via the Device UI for troubleshooting purposes. For more information, see Troubleshooting Servers.

BloxOne implements metric-based traffic routing, so you can prioritize network interfaces for communication with the Cloud Services Portal.

You can now modify the metrics of network interfaces for each gateway on the respective on-prem host, so you can influence the routing path used for cloud communication. 

BloxOne Threat Defense – August 30, 2022

BloxOne Endpoint log level settings from the management portal.

With this upgrade, BloxOne Endpoint troubleshooting becomes much easier. You will be able to change log level for BloxOne Endpoint directly from the Cloud Services Portal (https://csp.infoblox.com). BloxOne Endpoint will be upgraded to support the feature on 8/30/2022. You can postpone the upgrade if needed.

For information, see Endpoint System Level Logging.

BloxOne Threat Defense – August 22, 2022   

BloxOne Threat Defense support for filter categories.

New content categories and sub-categories are now supported for custom filter creation.

For information, see Creating Category Filters.

BloxOne Threat Defense – August 15, 2022

BloxOne Threat Defense supports "block no log" and "redirect no log" security policy actions.

In some cases, you may need to block traffic without logging information about the action due to the large volume of events. Infoblox is releasing these new policy actions so you can suppress such noise events and be able to focus on important security issues. The new policy actions, "block no log" and "redirect no log," block DNS requests without logging events in the Security Activity report. The blocked DNS requests will be available in the DNS Activity report.

For information, see Adding Policy Rules and Setting Precedence.

BloxOne Threat Defense support three new indicator feeds. 

This release introduces three new feeds for security policies. The first two provide additional options for blocking sanctioned nations. The existing sanctioned feed, “US OFAC Sanctions IPs,” will now only block nations that are embargoed (Cuba, Iran, Myanmar, North Korea, Syria and Venezuela). The two new feeds are “US OFAC Sanctions (High) IPs” and “US OFAC Sanctions (Med) IPs.” The “Sanctions (High)” blocks all nations in the embargoed list, plus the following: Belarus, Cambodia, Central African Republic, China, Democratic Republic of Congo, Iraq, Libya, Macao, Russia, and Yemen. The “Sanctions (Med)” includes all of the nations included in the embargoed and high lists, plus the following: Lebanon, Somalia, South Sudan, Sudan, and Zimbabwe.

Additionally, Infoblox has decided to create a new feed for suspicious indicators. Suspicious indicators are indicators that identify sites that should be blocked based on clear evidence, even though an attack using the indicator has not been triggered at that time.

For information, see Viewing Threat Feeds and Threat Insight.

Tag support for BloxOne Threat Defense objects.

Tags provide you with an ability to add additional context to the configuration settings. With this release, administrators will be able to define tags for the following Threat Defense objects: BloxOne Endpoint, BloxOne Endpoint groups, custom lists, security policies, DNS forwarding proxies, category and applications filters, custom redirects, and internal domains. In subsequent releases Infoblox will be able to provide enhanced services based on tags.

For information, see Applying Tags. 

BloxOne Endpoint Chromebook support for Google API.

BloxOne Endpoint for Chromebooks will be upgraded to support new Google APIs. The service may become unavailable for outdated endpoints, so all customers are encouraged to upgrade endpoints as soon as possible.

For information, see Deployment of BloxOne Chromebook Client.

BloxOne Policy for non-authenticated users. 

Access authentication service allows you to define security policies per user group and authenticate users with third-party IdP providers such as Microsoft Active Directory, Azure Active Directory, Okta, and OpenAM. This release enables the creation of security policies for non-authenticated users (users before authentication), IoT, and/or infrastructure devices if they cannot be authenticated at all. Policies for non-authenticated users and devices can be very restrictive to allow communications with a very limited number of domains and/or applications. 

This upgrade will require DNS forwarding proxy to restart with the planned service interruption for up to two minutes.

For information, see Authentication Policy for Non-authenticated Users and Non-authenticated Devices.

BloxOne Threat Defense – August 12, 2022

You can now control user access to the Cloud Services Portal and associated functionality by enabling restricted IP addresses for selected user groups.

For more information, see Restricting Access for User Groups.

BloxOne Threat Defense – August 9, 2022

Feed filtering for BloxOne Dossier/TIDE.

In this release, you can precisely control the type and volume of indicators sent to your appliances by specifying individual indicator class and defining the threat and confidence levels that are being put into a customized RPZ feed. This allows users to precisely control type and volume of indicators sent to their appliances.

For information, see TIDE Data.

Dossier Integration (Bring Your Own License) for Mandiant

Dossier supports Bring Your Own License (BYOL) integration with Mandiant data when using a customer-provided API key.

For information, see Dossier Summary.

BloxOne Threat Defense – July 14, 2022

Cloud Data Connector supports multiple data connectors to pull data/logs from BloxOne Cloud.

Multiple data connectors can now be deployed to pull data/logs from BloxOne Cloud and send the data to multiple destinations. For more information, see Configuring Destinations.  

Cloud Data Connector supports multiple indexers for Splunk Destination.

Multiple indexers can now be provisioned to a Splunk destination allowing for optimum load distribution. For more information, see . For more information, see Setting Up Splunk.

The BloxOne customer service portal now displays the serial number for all virtual appliance, on-prem deployments such as VMware, Azure, AWS, KVM.

 Serial numbers of all virtual, on-prem deployments for VMware, Azure, AWS, and KVM  can be viewed in the BloxOne customer service portal.  For more information, see https://support.infoblox.com.

BloxOne Threat Defense – July 13, 2022

Monitoring BloxOne Endpoint connectivity to Point of Presence (PoP). 

As a DNS administrator, you can now monitor to which PoPs your endpoints are connected. When BloxOne Endpoint connects to a new PoP, the endpoint connection status will automatically be updated allowing for better tracking of potential DNS connectivity issues and for determining what geographic region your endpoint resides. For more information, see Managing Endpoint.

BloxOne Threat Defense – July 12, 2022

Three new threat/RPZ feeds are available for DNS firewall.

The following new threat/RPZ feeds are available for DNS Firewall: 

• Suspicious Indicators: A dedicated feed that includes all suspicious indicators categorized as being suspicious. This feed is available to all BloxOne Threat Defense Advanced subscribers.
• Sanctions - High Risk: This feed includes all high risk indicators from sanctioned countries. Indicators from the following countries are included in the feed: Belarus, Cambodia, Central African Republic, China, Cuba, DR Congo, Iran, Iraq, Libya, Macao, Myanmar, North Korea, Russia, Syria, Venezuela, and Yemen. This feed is available to all Advanced and Business licensed BloxOne Threat Defense subscribers.
• Sanctions - Medium Risk: This feed includes all medium risk indicators from sanctioned countries. Indicators from the following countries are included in the feed: Belarus, Cambodia, Central African Republic, China, Cuba, DR Congo, Iran, Iraq, Libya, Macao, Myanmar, North Korea, Russia, Somalia, South Sudan, Sudan, Syria, Venezuela, Yemen, and Zimbabwe.   This feed is available to all Advanced and Business licensed BloxOne Threat Defense Cloud subscribers.

For more information, see Viewing Active Threat Feeds and Threat Insight.

BloxOne Threat Defense – July 7, 2022

A new Trusted Partner user group, “ib-trusted-partner,” is now available in BloxOne.

The user group, “ib-trusted-partner,” is now available in BloxOne, giving assigned users read-only access to information in BloxOne, without the ability to make changes

BloxOne Threat Defense – June 21, 2022

Dossier and TIDE enhancement:

ThreatFox malware detection for Dossier from Abuse.ch

ThreatFox reports indicators of compromise (IOCs) associated with malware giving more context to your threat investigations. For information, see /wiki/spaces/~5f0f5ad9502ce1001d1bd220/pages/9083834.

BloxOne Threat Defense – May 13, 2022

BloxOne expands the ability for you to specify custom templates for webhook notifications.

You can now integrate your notification platforms by specifying custom templates for webhook notifications. You can specify any number of webhooks and their associated templates and specify the notification types they will be used for. For information, see Configuring Service Integrations.

BloxOne Threat Defense – May 3, 2022

BloxOne Endpoint enhancements:

You may now implement security policies based on user groups with supported SaaS IdP (Identity Provider) which currently includes Okta and OpenAM.

A policy provisioned for a BloxOne Endpoint Group will be applied before a user is authenticated. Once a user is authenticated, it will be possible for the user to browse the Internet or other restricted content as allowed by the policy. For more information, see Endpoint SSO Authentication.

The BloxOne Endpoint is available for deployment on Chrome OS version 90 and above.

 BloxOne Endpoint is available on the following platforms: Microsoft Windows, MacOS, iOS, Android, and Chrome OS. Note that Android and Chrome devices should be managed by Google Admin Console. For more information, see Managing Mobile Endpoint.

Scheduling and/or deferring upgrades per endpoint group.

It is now possible to evaluate new features and enhancements in a test group before rolling out the upgrade to the entire company. You may also postpone the upgrade to a more convenient date/time per endpoint group. For more information, see Scheduling Endpoint Group Updates.

Netskope client compatibility with BloxOne Endpont.

BloxOne Endpoint is officially certified to run with Netskope client 93.0.1, provided that you disable "Bypass Loopback DNS feature flag" on Netskope. For more information, see Endpoint Compatibility Guidelines. 

Policy management enhancements:

User authentication and group-based policies with on-prem Microsoft Active Directory for DNS Forwarding Proxy (DFP).

In addition to SaaS IdP providers Okta, OpenAM, Microsoft Azure Active Directory, it is now possible to authenticate users on on-prem Microsoft Active Directory. This service is supported for standalone DFP (deployed in a VM or as a container) or running with BloxOne DDI services. For more information, see Setting Up Access Authentication.

Access authentication exceptions based on subnets or individual IP addresses.

To allow non-authenticated access for IoT and infrastructure devices to the same DFP infrastructure used by other users, you can now define exceptions based on subnets or individual IP addresses. For more information, see Configuring Access Authentication Profiles for On-Prem Hosts.

Support for safe search enforcement.

DNS category filtration provides good protection against explicit content, but search engines themselves can provide access to restricted content. For compliance reasons, or simply to prevent juveniles or other users access to such content, search engines provide "safe" versions of their search engines, which filter out inappropriate results. To help enforce the policy for all devices, this new policy feature can automatically redirect users to a safe version of the supported search engines. This feature currently supports the following search engines: Google Search, Bing, Youtube, and Yandex. For more information, see Safe Search Enforcement.

Local DNS request processing optimization.

To reduce the number of noise requests forwarded to the cloud and to avoid misconfiguration, DFP and BloxOne Endpoint will automatically forward all PTR requests for any private subnets (e.g. 10.0.0.0/8, 192.168.0.0/16, etc.) to local DNS servers. With this enhancement, you will not need to list such subnets in the internal domains or custom allow lists. For more information, see Forwarding DNS Traffic to Infoblox Platform. 

BloxOne Threat Defense RESTful API updates.

• dns_event API endpoint is refined to support the following capabilities:
• Filtering by: feed/custom list name, feed/custom list type, domain category, application, endpoint name, on-prem host name, client's subnet/IP, threat class, threat property, threat indicator, DNS view for NIOS logs.
• Additional metadata in response: username, user group, application, feed/custom list name, feed/custom list type, domain category.
• Additional REST API enhancements: 
• Substring match support
• Managing individual entries in the list of internal domains
• Response pagination for custom lists

For more information, see DNS Event and BloxOne Threat Defense API Guide.

Infoblox introduces a new NTP service for all BloxOne Threat Defense Business Cloud and Advanced customers to reduce dependency on third-party services and to ensure that a common time source is used for all devices.

The NTP service can be deployed standalone, or along with DNS Forwarding Proxy or other services on on-prem hosts. You can configure the NTP service uniformly across the account with the possibility of overriding locally on the host wherever NTP service is deployed. The service supports detailed configuration, including authentication, specific attributes, and access control lists. For more information, see NTP Service.

Dossier and TIDE enhancements:

Bring Your Own Feed (BYOF) – A new method to create RPZ feeds from TIDE Custom Profiles. 

You can now define an RPZ name during the creation of a TIDE profile to have it automatically create an RPZ file from data uploaded to TIDE. Users who have access to other third-party data sources shared with TIDE can better utilize these feeds using the DNS firewall or when sharing threat intel to other solutions in the security stack. For more information, see TIDE Data Submission Overview.

BloxOne Threat Defense – April 29, 2022

You can now remove B1-105 physical on-prem hosts from the Cloud Services Portal. 

For more information , see Removing Hosts and Deploying the B1-105 Appliance.

BloxOne Threat Defense – April 20, 2022

The point of presence (PoP) in South Africa has been updated to enhance BloxOne services and DNS performance.

BloxOne Threat Defense – April 11, 2022

In-app and email notifications are now sent from BloxOne prior to user and service API key expiration. Notifications occur on a daily basis two weeks prior to and up through the date of expiration.

For more information on user and service API keys, see Configuring User API Keys and Configuring Service API Keys, respectively.

BloxOne Threat Defense – April 8, 2022

Infoblox supports the deployment of on-prem hosts via the Microsoft® Azure Marketplace.

You can now deploy BloxOne for Azure virtual appliances directly from the Azure Marketplace. For more information, see Deploying NIOS-X Servers from the Azure Marketplacee.

BloxOne Threat Defense – April 7, 2022

You can view upcoming release announcements on the Cloud Services Portal home page.

Information on future BloxOne features and products will now be announced on the Cloud Services Portal. The new section is called “Upcoming Releases,” noting what is coming and the estimated release date. You may also opt to receive in-app or email notifications of upcoming releases by visiting the Notification Settings page . For more information, see Configuring Notification Delivery.

Infoblox BloxOne extends log exports to now include DHCP logs, DNS logs, and Security logs to your dedicated Amazon S3 bucket.

For more information, see Exporting Logs.

BloxOne Threat Defense – March 29, 2022

Infoblox supports the deployment of on-prem hosts in AWS.

You can now deploy on-prem hosts in AWS using Infoblox-provided Community or Public BloxOne AMI images. For more information, see EC2 Instances Using AMI in AWS Deployment.

BloxOne adds the "BloxOne VM - AWS" subtype to the On-Prem Host page.

You can now filter on-prem hosts deployed in AWS by "BloxOne VM - AWS” on the On-Prem Host page of the Cloud Services Portal. For more information, see Viewing On-Prem Host Status.

BloxOne Threat Defense – March 28, 2022

You can now receive email and/or in-application notifications of new release information based on your entitled BloxOne subscriptions. You can modify this setting in the Notification Settings page for specific user groups by choosing the “New Release Notifications” in-app and/or email setting.

For more information, see Configuring Notification Delivery.

BloxOne Threat Defense – March 25, 2022

Enhancement

The Dossier™ Summary page now includes a link to a feedback submission form where you can report indicator information found contrary to the information being reported by Dossier.  

You can report the following types of incorrect threat indicator information: 

• False positive and false negative threat data. 
• Incorrect web category information.
• Incorrect lookalike detection information.
• Incorrect application detection information.

For more information, see Dossier Threat Research Feedback.

BloxOne Threat Defense – February 25, 2022

Enhancement

Anycast BGP configuration for on-prem hosts now supports 4-byte ASNs, including ASPLAIN and ASDOT formats.

For more information, see Configuring Anycast for Hosts.

BloxOne Threat Defense – February 2, 2022

Enhancements

BloxOne endpoints are no longer displayed in the Cloud Services Portal once they are moved to the recycle bin.

• Statistics reported in the details pane of the Endpoints page no longer include deleted endpoints. 

• Endpoints restored from the recycle bin are assigned disabled status by default.

• When an endpoint group is deleted, all endpoints residing within the deleted group are moved to the default endpoint group.

• When restoring a deleted endpoint from a deleted endpoint group, the restored endpoint remains a member of the default endpoint group. 

For more information, see Managing Endpoint.

BloxOne Threat Defense – January 12, 2022

Features and Enhancements

BloxOne Endpoint supports the following endpoint clients: Akamai Enterprise Applications Access (EAA) VPN client and Zscaler Client Connector with VPN client.

For more information, see Endpoint Compatibility Guidelines.

BloxOne Endpoint supports the following operating systems: Windows 11 and macOS Monterey.

For more information, see Supported Browsers and Operating Systems.

BloxOne Mobile Endpoint Management has the following enhancements: allows sending log files directly to the Cloud, multiple Anycast support, reestablishment of endpoint protection.

For more information, see Mobile Endpoint Management.

To simplify management of security policies, you can now create and modify many objects inline, including custom lists, category filters, and endpoint groups.

For more information, see Configuring Security Policies.

BloxOne Threat Defense now supports several new objects for data import and export.

For more information, see Importing and Exporting Data.

Data Connector now sends DHCP enriched logs, including certain metadata and field names, to all applicable destinations in CEF/LEEF log format. 

For more information, see Configuring Traffic Flows.

BloxOne Threat Defense – January 11, 2022

Features and Enhancements

Infoblox supports the deployment of on-prem hosts in KVM-hypervisor-based deployments.    

You can now deploy on-prem hosts through KVM-hypervisor-based virtual appliances, using Infoblox-provided QCOW2 packages you download from the Cloud Services Portal. For information, see Bare-metal KVM Deployment and OpenStack with KVM Hypervisor Deployment.

BloxOne now provides high-capacity Microsoft Azure VHD packages for deploying on-prem hosts.    

Depending on your business requirements, BloxOne now supports high-capacity Microsoft Azure VHD installation packages you download from the Cloud Services Portal. For information, see Downloading Infoblox Apps.

Infoblox supports the deployment of on-prem hosts on DELL 1425 and 1485 VEP hardware.

You can now deploy on-prem hosts on DELL VEP hardware, using Infoblox-provided ISO packages you download from the Cloud Services Portal while creating on-prem hosts using the serial number option. For information, see Hardware Appliance Deployment.

The Device UI provides additional information to improve troubleshooting during on-prem host deployments.

The Device UI provides additional information about the accuracy of the "join token" that you have entered via the Device UI or via cloud-init values, and the serial number that you have entered via the Cloud Services Portal. For information, see Troubleshooting Servers.

BloxOne Threat Defense – January 5, 2022

Enhancement

Infoblox Data Connector now supports sending logs from BloxOne and NIOS sources to a Splunk Cloud destination in Splunk CIM or legacy Infoblox data format.

For more information, see Configuring Traffic Flows.

BloxOne Threat Defense – January 4, 2022

Enhancement

Depreciation of the ActiveTrust Platform.

Infoblox replaced the ActiveTrust platform three years ago with the introduction of BloxOne Threat Defense built on the Cloud Service Platform, a modern and scalable platform built for a future of dynamic cloud-native security and networking solutions. Most customers have already migrated but there may still be a few using legacy connectors. Please ensure any use of the legacy system at (platform.activetrust.net) has been moved to the new cloud services portal (csp.infoblox.com). For developer resources please visit the TIDE and DOSSIER guide for CSP, and If you have any additional questions, please contact Infoblox support at 888-463-6259.

BloxOne Threat Defense – December 17, 2021

Enhancement

The Security Activity Report permanently replaces the former Security Report. 

Since the release of the new Security Activity Report to Infoblox Threat Defense about a year ago, the former Security Report has been retained to ease with the transition. As newer reporting capabilities have been added to the new Security Activity Report, dependence on the older report has declined and it is time to remove it.

There is no action required on your part as the former Security Report will be removed from the Cloud Services Platform menu after December 17, 2021.

BloxOne Threat Defense – November 30, 2021

Enhancements

The Dossier Summary report page now includes additional application detection data in the returned search results.

The additional detection information includes the domain's SSL certificate when available along with the application classification information for the domain. The application classification data indicates whether the searched domain possesses malicious content or whether it is benign. The Dossier API has been updated to include the two new data parameters.

For more information, see the /wiki/spaces/~5f0f5ad9502ce1001d1bd220/pages/9077778

BloxOne Threat Defense – November 18, 2021

Enhancements

Data Connector now sends DHCP lease logs to all applicable destinations and supports CIM and the legacy Infoblox data format for Splunk destinations. 

For more information, see Configuring Traffic Flows.

BloxOne Threat Defense – October 19, 2021

Enhancements

BloxOne introduces new status and message for initial deployment of non-NIOS on-prem hosts.  

When deploying a non-NIOS on-prem host, you can now view its initial deployment status and message in the Platform Management section of the Manage -> On-Prem Host page of the Cloud Services Portal. For more information, see Viewing Host Status.

Data Connector sends additional enriched data fields for Threat Defense Query/Response and Threat Feeds Hits logs to all applicable destinations. 

For more information, see Configuring Traffic Flows.

BloxOne adds support for VMware ESXi server versions 6.7 and 7.0 for on-prem host deployment.  

For more information, see Supported Platforms for Hosts.

BloxOne Threat Defense – September 21, 2021

Features and Enhancements

This BloxOne release introduces mobile endpoint management for iOS and Android devices.  

Infoblox foundational DNS security is now available to secure iOS and Android devices with BloxOne Threat Defense to counter the growing threat from phishing, malicious apps, and other risks. For more information, see Managing Mobile Endpoint.

BloxOne Endpoint supports the automatic removal of regular and mobile endpoints. 

BloxOne Endpoints, both regular and mobile, can be configured for automatic removal after a customizable period of inactivity, simplifying the management of hundreds of thousands of endpoints. For more information, see Automatic Removal of an Endpoint After a Period of Inactivity.

Dossier enhances threat investigation through threat scoring and deeper integration with Security Activity reports.

The latest update to the Dossier feature of BloxOne Threat Defense helps to further accelerate investigations through enhanced threat scoring, and deeper integration with Security Activity reports for the indicator under investigation. For more information, see /wiki/spaces/GSS/pages/11830824.

BloxOne Endpoint provides endpoint password protection against unauthorized interference.

You can use a password to protect BloxOne Endpoints against unauthorized interference, such as stopping the service, to maintain critical security visibility and control. For more information, see Creating Endpoint Groups.

This BloxOne Threat Defense release provides the ability to move objects to the Recycle Bin and restore the objects as required. 

Objects can be deleted temporarily, restored, or deleted permanently. The auto-delete settings can also be configured. When supported objects are deleted, they are now placed into a searchable Recycle Bin. This allows you to easily recover objects when necessary. Objects in the Recycle Bin are stored for a maximum of 30 days, and there is a 100,000-object limit. For more information, see Recycle Bin.

BloxOne Endpoint now supports enabling and disabling endpoints by endpoint group. 

You can now enable and disable BloxOne Endpoint by endpoint group, simplifying the management of hundreds of thousands of endpoints. For more information, see Enabling and Disabling Endpoints by Group.

This release includes BloxOne Threat Defense reporting enhancements for the Cloud Services Portal.

A series of enhancements and updates have been made to improve overall reporting usability. For more information, see Viewing Reports.

You can now easily reorder security policy precedence using drag-and-drop functionality. 

For more information, see Creating Security Policies.

This BloxOne Threat Defense release now supports click-through capability for dashboard widgets. 

Many dashboard charts and graph widgets now support click-through for viewing report data. Clicking on a widget in the dashboard will take you to the reporting page where you can view additional information. For more information, see Viewing the Dashboard.

BloxOne Threat Defense – August 12, 2021

Features and Enhancements

The Infoblox SSO Portal now supports single IdP authentication for multiple domains.    

In previous releases, the SSO Portal required a separate IdP configuration for each domain. With this release, a single IdP configuration may be specified for multiple domains. For more information, see Configuring IdP Authentication.

The former on-prem host type "BloxOne OVA" is now displayed as "BloxOne VM" on the Cloud Services Portal.    

 On the On-Prem Host page of the Cloud Services Portal, the former on-prem host type "BloxOne OVA" is now displayed as "BloxOne VM." For more information, see Viewing Host Status.

This BloxOne release adds sub types to these on-prem host types: "BloxOne Appliance" and "BloxOne VM."    

The Cloud Services Portal now supports sub types for on-prem host types "BloxOne Appliance" and BloxOne VM," as follows:

• BloxOne Appliance: B105
• BloxOne VM: VMware and Azure

For more information, see Viewing Host Status.

Infoblox supports the deployment of on-prem hosts in Microsoft Azure.    

You can now deploy on-prem hosts in Microsoft Azure using Infoblox-provided VHD packages you download from the Cloud Services Portal. Note that the DHCP service is not officially supported yet, and you cannot update network configuration through the Cloud Services Portal. For more information, see Microsoft Azure Deployment.

BloxOne now provides high-capacity OVA packages for deploying on-prem hosts.    

Depending on your business requirements, BloxOne now supports high-capacity OVA installation packages you can download from the Cloud Services Portal. For information, see Downloading Infoblox Apps.

Data Connector supports sending log messages in Common Information Model (CIM) format when you configure Splunk as the destination.    

When configuring a Data Connector traffic flow, you now have the option to choose CIM as the log message format when you configure Splunk as the destination. For information, see Setting Up Splunk.

You can download service logs using the BloxOne API.    

This BloxOne release provides documented API for downloading service logs (such as the DNS query log and DHCP log). For more information, see https://csp.infoblox.com/apidoc.

BloxOne Threat Defense – July 8, 2021

Enhancements

Infoblox Single Sign-On (SSO) Portal administrators will now receive email notifications on administrative events.    

This release enables email notifications to SSO portal admins on the following SSO administrative events: activation & deactivation of your IdP (Identity Provider), enabling and disabling of Multi-Factor Authentication (MFA), and creation and deletion of portal admins. For domains users, the following operations also result in an email notification: user activation & deactivation, user locking and unlocking, and the toggling of local credentials on and off.

BloxOne Threat Defense – June 29, 2021

Features and Enhancements

This DNS forwarding proxy (DFP) upgrade allows you to define security and DNS resolution policies on a per-application basis.     

With this DNS Forwarding Proxy (DFP) upgrade, you can define security and DNS resolution policies on a per-application basis. A new action of Allow - local resolution is added to applications, in addition to the existing allow, block, and redirect actions. The Allow - local resolution action is enabled for BloxOne Endpoints configured to use a network-provided DNS service and for standalone DNS forwarding proxies configured to use a DNS fallback,

The Infoblox on-prem resolution feature improves the performance of web applications and provides local geographic DNS resolution.     

Infoblox offers a local on-prem resolution feature that provides protection against DNS exfiltration for on-prem hosts that resolve DNS queries using local internet breakouts. When you enable local on-prem solution on an on-prem host that runs BloxOne Threat Defense Cloud DFP and BloxOne DDI DNS services, DNS queries that are not blocked locally can be resolved by a local DNS server by querying the roots and other authoritative DNS servers directly. Both DNS requests and responses are then forwarded to Infoblox Cloud for security policy validation. 

BloxOne Threat Defense policy engine is updated to validate DNS SVCB and HTTPS records.     

The newly introduced record types can be used to pass DNS firewall and provide information on how to connect to malicious or undesirable destinations (e.g. DoH servers). To prevent such communications and align with corporate security policies, the BloxOne Threat Defense policy engine is updated to validate DNS SVCB and HTTPS records (type 64 and 65). Depending on your policy settings, the policy engine can return NXDOMAIN if a policy rule is set to block, or NODATA if a policy rule is set to redirect.

The Dossier Threat Research Portal is getting new data and an improved interface.     

The Dossier portal now displays additional threat data using the MITRE ATT&CK Framework on many indicators. When researching for an indicator associated with an attack, you can see the behavior and techniques employed by the attack. In addition to the existing Dossier Threat Actor profiles, the new MITRE ATT&CK data allows you to understand the attacker and respond to threats with a greater view of who, how, and why your organization is being targeted.  This improved interface offers a new timeline layout, easy-to-use threat scoring, and a few usability enhancements.

The Dossier and TIDE developer guides have been updated.     

Guides for integrating with your Dossier and TIDE threat intelligence have been updated. New layouts, more examples, and use cases have been included. This data allows you to enhance your SOAR, Firewall, or SIEM solutions with Infoblox threat intelligence. A full API guide lets you create the solution that best fits your organization.

The BloxOne Endpoint update supports the Apple M1 CPU.     

BloxOne Endpoint is updated to support the new Apple M1 CPU. The update also includes minor bug fixes for Windows and Mac OS.

BloxOne adds a new DNS Point of Presence (PoP) in Bahrain.     

This PoP provides better resolution speeds (DNS latency), resiliency, and local resolution for organizations in the Middle East region

BloxOne Threat Defense – June 18, 2021

Features and Enhancements

On-prem host configuration now supports IPv4/IPv6 dual-stack networks.     

When configuring on-prem hosts, you now have the option to configure IPv4 or IPv4/IPv6 dual-stack networks. Note that DNS and DHCP services do not yet support dual-stack networks. For information, see Viewing and Modifying Host Configuration.

You can configure MTU (Maximum Transmission Unit) and path MTU discovery to improve bulk protocol throughput.     

To avoid IP fragmentation, you now have the option to configure the MTU value when you initiate an OVA deployment. You can also enable or disable path MTU discovery during an initial deployment or after the deployment through the Device UI. For information, see ESXi OVA Deployment Using vCenter, vCenter OVA Deployment to ESXi Using ovftool, and Troubleshooting Servers.

Infoblox offers a downloadable JSON template that you can use to modify specific Bootstrap configurations and connect a physical host to the BloxOne Cloud.     

You can download a JSON template to a USB flash drive and modify specific information before using the drive to initiate new configurations on a physical on-prem host and connect it to the BloxOne Cloud. For information, see Modifying Host Configuration Using a USB Drive.

BloxOne services provide a global search function that allows you to look up specific resources or objects.     

You can use the global search function to quickly locate BloxOne resources or objects by entering key words in the search field. Phase one of this function supports specific objects and searchable fields. For information, see Using Global Search.

BloxOne Threat Defense – May 18, 2021

Enhancements

You can now define notification templates that allow custom formatting based on notification severity for webhook integration.     

When setting up a custom webhook integration for notifications, you can create custom templates that will define the notification format. This is API-only functionality. For more information, see Configuring Notification Settings.

BloxOne Threat Defense – April 9, 2021

Enhancements

Changes made to the “From” address for BloxOne Notifications.     

Starting April 9^th, 2021, Infoblox has changed the “From” address to "donotreply@bloxone.infoblox.com" for notification e-mails that users receive. Please make sure that you add this e-mail address to your contact list, so you can continue to receive BloxOne notifications.

BloxOne Threat Defense – April 7, 2021

New Features and Enhancements

Support for customer-provided Identity Providers using the standard SAML 2.0 interface.     

In the SSO Portal, you can now configure your Identity Provider using the standard SAML 2.0 interface. With this integration, Infoblox BloxOne products can be seamlessly integrated with your identity solution. Optionally, you can define mappings between user groups in your Identity Provider and user groups within BloxOne, which will automatically assign permissions for users within BloxOne. If this mapping is not defined, permissions can be manually set in the Cloud Services Portal. The SSO Portal integration will also provide identity information for the Infoblox Support Portal. For more information, please refer to the Infoblox SSO Portal documentation.

BloxOne Threat Defense – March 23, 2021

New Features and Enhancements

DNS policies for internal subnets/IP addresses served by a DNS Forwarding Proxy (DFP).      

This update allows you to define different policies based on a client IP address. For example, you can define different policies for a server segment and employees. To manage the internal networks, the IP Address Management (IPAM) interface will be available for BloxOne Threat Defense customers. This is the same IPAM interface that is available for BloxOne DDI customers. You may find it useful to expand your subscription with BloxOne DDI functionality, such as DHCP and/or NIOS Grid Connector, to import data from NIOS IPAM to BloxOne IPAM. This functionality will be available on hosts running BloxOne DDI DNS and DNS Forwarding Proxy (DFP) by April 3^rd 2021, and for other deployment types (standalone DFP, container, DFP on NIOS) by April 17^th 2021. The IPAM management interface will be available on March 23, 2021.. 

IPv6 DNS Anycast support.

Infoblox is rolling out IPv6 DNS Anycast support to all points of presence with a target date to finish the deployments by May 15, 2021. If you directly use our cloud DNS resolver (without BloxOne Endpoint or DFP), you may provision the following DNS Anycast IPv6 addresses: 2400:4840::100, 2620:129:6000::100.

Update of Infoblox's public IP addresses.

If your firewalls are configured to allow communications to specific IP addresses and subnets only, you may need to update the list of BloxOne Threat Defense public IP addresses and hostnames (https://infoblox-allowlist.s3.amazonaws.com/infoblox-hostnames-ips.json). Please note the updated URL/filename. If you automatically pull the file, please update the URL. This file will be updated on March 23, 2021..

BloxOne Endpoint uninstallation with a password.

BloxOne Endpoint will get additional controls to prevent non sanctioned removals with uninstallation password. The password can be set per endpoint group.

Reporting update.

Numerous updates have been made to reporting as Infoblox continues to enhance your access to security events in your organization.  Check out the new Security Rollup Summary in Dashboards for streamlined indicators at a glance.  In your Security Activity Report, you will see two new tabs.  The Threat View Tab brings a view into detected threats with a simple pivot model.  The Insight Tab brings you correlated threat data to help identify the most important events in your environment.

BloxOne Threat Defense – February 23, 2021

New Feature

For the support of direct subscription threat feeds, the Cloud Services Portal now provides Key Store Service for "Bring Your Own License" (BYOL). 

“Bring Your Own License,” or BYOL, provides greater flexibility in the use of cyber threat intelligence when integrated with Infoblox’s threat feeds. Using the Key Store Service for BYOL, BloxOne Threat Defense is able to support threat feeds from vendors preferring a more direct subscription relationship.

BloxOne Threat Defense – February 22, 2021

Features and Enhancements

On the Cloud Services Portal, you can view the current state of the Anycast configuration and the overall status of the Anycast service. In the detail panel, you can also view Anycast service status for individual on-prem host. 

On the Anycast page of the Cloud Services Portal, the new STATE column displays the current status of your Anycast configuration. You can also view the overall status and individual status of the Anycast service configured on your on-prem hosts.

When you defer updates for on-prem hosts, you can use the "Add Schedule" feature to schedule multiple updates. You can also use tags to associate one or multiple on-prem hosts with the scheduled updates.

In the Schedule Software Updates dialog, you can use the newly added Add Schedule button to add multiple update schedules for your on-prem hosts. You can also use tags to associate one or multiple on-prem hosts with the scheduled updates.

You now have the ability to choose whether to apply configuration changes immediately to your on-prem hosts or schedule the changes during a specified timeframe. You can also use tags to associate one or multiple on-prem hosts with the scheduled configuration changes.

When you make configuration changes to your on-prem hosts, you have the choice to apply the changes immediately or schedule the changes for a specified timeframe. The configuration updates apply to all on-prem hosts to which you have assigned the tag for the scheduled changes. 

Infoblox has improved the sign-in help process to give you the specific help you need without you having to figure out what the issue is. 

When you sign in to any of the Infoblox Services, you can now click the Help me sign in link to assist you with a forgotten password, a locked account, resend of activation instructions, or account suspension. This link will direct you to a dialog for you to enter your email address. When you select Send Email, Help me sign in will identify the specific help you need and send you an appropriate email to address the issue.  

BloxOne Threat Defense – February 16, 2021

New Features and Enhancements

Infoblox has improved upon API keys with the introduction of two new types of API keys, “interactive” and “service.” API keys are the tokens used with API requests to facilitate API authentication. The new key types perform the same function for different user accounts, yet introduce improvements in lifecycle management, key expiration, and key names.

The new key types introduce the following improvements:

• Lifecycle management: You can now create, delete, disable, and enable keys.

• Key expiration: A user-specified expiration can be defined at the time you create the key to determine the duration of key validity.

• Keys names: You can name the key to easily identify it in the future.

Existing API keys, called "legacy" keys, continue to be supported, and are similar to interactive keys, yet limited to legacy and existing functionality with new support for the disable, enable, and delete functions. 

The Cloud Services Portal now retains filter configuration you have applied to a page, so you can pick up right where you left the page without spending extra time to reconfigure your filters when you access the page again.

When you apply a filter or filters to a Cloud Services Portal page, the filter configuration stays intact the next time you access the page.

BloxOne Threat Defense – February 5, 2021

Enhancements

The following additional details for an on-prem host are now displayed in the right panel of the Cloud Services Portal: Uptime, Last Update time, and Component Updated. 

When viewing the status of an on-prem host on the Cloud Services Portal, you can now see more details about the host in the right panel: the time duration the host has been up and running, the timestamp of its last update, and the component that was updated.

BloxOne Threat Defense – January 26, 2021

New Features and Enhancements

The Cloud Services Portal provides an option to restart an on-prem host from the Troubleshoot menu on the Manage -> On-Prem Hosts page.

You can now restart an on-prem host from the On-Prem Host -> Troubleshoot menu on the Manage ->On-Prem Hosts page of the Cloud Services Portal.

The Cloud Services Portal provides an option to select the network interface for the traceroute and traffic capture troubleshooting operations.

On the Cloud Services Portal, you can now select a specific network interface on the on-prem host for the traceroute and traffic capture troubleshooting operations from the On-Prem Host 
-> Troubleshoot menu on the Manage ->On-Prem Hosts page.

The Cloud-based Data Connector adds additional fields to the CEF, LEEF and CSV reporting messages.

The Cloud-based Data Connector adds the following fields to the CEF, LEEF, and CSV reports for Splunk and Infoblox Reporting: Client MAC, Customer Site ID, Policy ID, Domain Category and splitting a field into Threat Property, Threat Confidence, and Threat Level.

The Cloud Services Portal enhances tag management by providing the ability to reactivate previously revoked tags.

You can now reactivate a revoked tag that you deem useful again. When you reactivate a tag, the tag will associate with the objects to which it was previously assigned. The tag will also retain its original set of values.

BloxOne Threat Defense – January 21, 2021

New Feature

Infoblox introduces support for ForgeRock as the newest 3rd party identity provider for BloxOne products using the SAML 2.0 protocol.

As the SSO administrator, you can now configure ForgeRock, in addition to Okta and Azure AD, as the 3rd party IdP using the SAML 2.0 protocol.

BloxOne Threat Defense – December 12, 2020

New Features and Enhancements

BloxOne Threat Defense Cloud provides an access authentication service that you use to authenticate users through a captive portal using third-party IdPs (Identity Providers) federation and create security policies based on user groups.

The new access authentication feature allows you to integrate third-party IdP federations, using SAML or OpenID Connect, and create authentication profiles that you associate with on-prem hosts. Using the access authentication service, you can synchronize user groups from your chosen IdPs, so you can build security policies based on user groups from Microsoft Azure AD, Okta, and Open AM. The service initially is available on virtual hosts only. The service is not supported on NIOS and physical B1-105 appliances.

BloxOne Threat Defense Cloud introduces an easy-to-use security policy configuration wizard that walks you through the step-by-step procedures in creating new security policies, so you can configure and prioritize your policies to achieve automated security policy management. The new security policy configuration flow provides the following enhancements: the flexibility to clone existing policies or create new policies from scratch, policy precedence visibility and management, and support for policies based on user groups.

The new security policy configuration wizard guides you through the step-by-step procedures when creating security policies based on user groups from Azure AD, Okta, and Open AM. It gives you the flexibility to add policy rules from scratch without predefined rules or feeds. You can also configure granular action and precedence for each policy rule and set the overall precedence among multiple security policies based on your business needs. When you need to create a new security, you can clone an existing security policy and modify its configuration to quickly create one. To provide flexibility and support for policies based on user groups, Infoblox updated the way security policies are evaluated. Previously, BloxOne Endpoint and DNS forwarding proxy had implicit precedence over the external networks. With this BloxOne Threat Defense Cloud release, the policies are evaluated in the order you define and see on the policy management page. For example, if DNS forwarding proxy is within an external network and the policy for the external network has a higher precedence than the DNS forwarding proxy policy, the policy for the external network will be applied. To apply the DNS forwarding proxy policy. you must place it at a higher precedence than the external network policy. Note that your policy precedence was updated to match the behavior defined before the upgrade.

Discovered DHCP metadata on NIOS (configured with DNS forwarding proxy) can be sent to BloxOne Threat Defense Cloud via the Data Connector. The last discovered DHCP metadata such as MAC address, DHCP fingerprint, and OS version is displayed in the DNS Activity -> DNS report and the Security Activity -> Security Events report.

When you set up your NIOS on-prem host, running the DNS forwarding proxy service, as a DHCP server and perform a discovery on it, the DHCP metadata such as MAC address, DHCP fingerprint, and OS version, will be sent to BloxOne Threat Defense Cloud via the Data Connector and populated in the DNS Activity -> DNS report and the Security Activity -> Security Events report on the Cloud Services Portal. You must set up traffic workflow through the Data Connector for the data to be sent to BloxOne Threat Defense Cloud.

The Cloud Portal Services displays the serial number of your physical appliances (B1-105), and you can search and filter the appliances by their serial number and choose to display the information as a column on the On-Prem Host page.

• • You can search the physical appliances (B1-105) using their serial number in the Cloud Services Portal by using the Search function.
  • You can filter the physical appliances by the available serial number values.
  • You can add the serial number of their physical appliances (B1-105) as a column in the Manage -> On-Prem Hosts.

BloxOne Threat Defense – November 18, 2020

New Features and Enhancements

Custom List now supports IPv6 addresses.

Custom list now supports IPv6 addresses in a similar manner as IPv4 addresses, FQDNs, or CIDRs.

BloxOne Endpoint now supports macOS Big Sur.

BloxOne Endpoint supports Apple's latest operating system, macOS Big Sur. 

Hiding the BloxOne Endpoint icon in the systray (system tray) is now an option. 

The BloxOne Endpoint icon is displayed by default in the systray. You can now hide the BloxOne Endpoint icon in your systray as an option.

The download package for Endpoint is named BloxOne Endpoint, replacing the previous ActiveTrust Endpoint.

The download package for Endpoint is renamed from ActiveTrust Endpoint to BloxOne Endpoint. If you currently have ActiveTrust Endpoint installed on your network, you will continue to receive auto-updates for Endpoint.

BloxOne Threat Defense – November 13, 2020

New Feature

The Cloud Services Portal provides contextual help that offers context-sensitive information about the page you are currently on.

You can access contextual help while performing tasks on a specific page of the Cloud Services Portal. The Help panel displays context-sensitive information about the features or tasks on the page you are currently on. You can also access the Infoblox Support Portal, the Community Portal, or the Documentation Portal through the Help panel. 

BloxOne Threat Defense – October 16, 2020

New Features and Enhancements

An Impacted Devices report has been added to Dossier's extensive set of reports.

Dossier's Impacted Devices report displays devices in your network that have queried or connected with a reported domain or IP address.

Dossier now supports custom list management directly through the Dossier interface.  

Domains and IP addresses can be added directly to your existing custom lists in Dossier. 

Dossier now supports viewing Infoblox allow listed domains information.

If a searched for domain is on Infoblox’s allow listed domain list, it will be indicated in Dossier's reports. 

BloxOne Threat Defense – September 18, 2020

BloxOne Endpoint Enhancement

Infoblox has released BloxOne Endpoint version 2.0.1. This release resolves the duplicate product IDs issue in Windows registry.

Infoblox has released BloxOne Endpoint version 2.0.1. This release resolves the duplicate product IDs issue in Windows registry. BloxOne Endpoint upgrade is automatic, and no action is required on your part.

BloxOne Threat Defense – August 29, 2020

New Features and Enhancements

An update to the on-prem host infrastructure for OVA and appliances allows for future enhancements in subsequent releases, optimizes update processes, improves scalability, and enhances network connectivity.

The update process will cause a short outage of up to two minutes to all services that are deployed on the specific on-prem host.

Please set the deferred upgrade functionality within BloxOne to a time when such upgrade can be performed. You can confirm with the Infoblox representative that the deferred upgrade functionality is set to a time when the outage will occur.

Only on-prem hosts with at least two cores and 2 GB RAM will be updated. If you have on-prem hosts that do not satisfy those requirements, you can upgrade them with additional resources before the upgrade to include them in this process.

This release offers multi-port support that allows you to separate traffic between WAN and LAN interfaces on configured on-prem hosts.

You can now separate traffic between WAN and LAN interfaces on configured on-prem hosts. Services can be run either on all interfaces, which is the default setting, or on the LAN interfaces only. Note that multi-port support requires the new on-prem host infrastructure.

Infoblox has added supported IPv6 addresses to the portfolio of BloxOne IP addresses.

Infoblox has added supported IPv6 addresses to the portfolio of BloxOne IP addresses. You can access the list of IP addresses to set up your corporate firewalls in advance. In the future, Infoblox services will be available over IPv6 within the designated range.

BloxOne Threat Defense – August 26, 2020

New Features and Enhancements

The Dossier^TM Threat Research Portal offers an enhanced "Summary" section featuring the graphical representation of information contained within the full Dossier report

The redesigned "Summary " section provides a graphical representation of threat scores as well as a graphical representation of threat indicator timelines and reputation information.  Enhancements to the following Dossier report sections have also been included with this release:

• • Current DNS
  • Related Domains
  • Related URLs
  • Related IPs
  • Related File Samples
  • Related Contacts
  • Reports
  • Timeline
  • Location
  • Raw WHOIS

Dossier now supports performing a pivot off of the threat actor properties

Pivoting can be performed on threat indicators such as email, IP address, and domain. When threat indicator information is pivoted, Dossier generates a summary report for the threat indicator being pivoted. Threat indicators properties capable of being pivoted are indicated in light blue.

Dossier now supports "breadcrumb" navigation

When performing a Dossier search, a series of visually-represented links, or breadcrumbs, representative of the path the researcher has taken during the investigation is created. The breadcrumb path can be used to review prior Dossier search returns without having to initiate a new search.  

Security-Activity Report and DNS Report now support an additional search query parameter

The Security - Activity Report and the DNS Activity Report now offer " = and the NOT (!=) " as an additional search query operator when searching report data.   

BloxOne Threat Defense – August 7, 2020

New Features and Enhancements

BloxOne Endpoint now supports endpoint assignment to a custom endpoint group at the time of its installation.

When installing a new BloxOne endpoint, the endpoint can now be assigned to an existing custom endpoint group rather than being assigned to the default endpoint group. In the endpoint service logs, you can view the metadata indicating the name of the custom endpoint group to which the newly installed endpoint has been assigned.

BloxOne Threat Defense – August 5, 2020

New Features and Enhancements

Custom user roles offer administrators the flexibility to accommodate specific access authorizations by allowing more granular control of access.

As an administrator, you can define custom user roles, in addition to a selection of Infoblox provided user roles, to accommodate for specific access authorizations. This will allow for more granular control of access.

Resetting BloxOne appliances to factory condition can be done through the Device UI by enabling local access to the appliance.

You can reset BloxOne appliances to factory condition by enabling local access through the Cloud Services Portal and logging in to the on-prem host through the Device UI. The on-prem host will still be associated with the same account, but all of the service specific settings and connectivity to the cloud will be reset.

BloxOne Threat Defense – July 27, 2020

New Features and Enhancements

3^rd party identify provider (IdP) integration allows customer identity to be federated with customer owned Okta or Azure AD identity providers via the SAML 2.0 protocol.

As an administrator, when you set up the 3rd party IdP integration, you can optionally configure group mapping between IdP groups assigned to your users and BloxOne user groups. This feature completely automates the onboarding and offboarding process of your employees. You can set up 3^rd party IdP federation in the newly released Infoblox SSO Portal.

Multi-factor authentication (MFA) can be defined based on OktaVerify when customers store their users' identity with Infoblox.

You can now define multi-factor authentication (MFA) based on OktaVerify when you store users’ identity with Infoblox. When configured, users are asked to define their MFA authentication at their first login and are required to authenticate using their chosen way of authentication on subsequent logins. You can set up MFA federation in the newly released Infoblox SSO Portal.

Data Connector – July 17, 2020

New Features and Enhancements

The cloud-based Data Connector provides syslog UDP protocol support to communicate with SIEMs or syslog collectors, in addition to the prior syslog TCP and TLS protocol support. 

The updated syslog message format will be fully compliant with RFC 5424.

Required headers (e.g. facility, severity, host) will be added and the date/time format will be updated. 

Multiple cloud-based Data Connector can now be deployed to balance the load and optimize data transfer to Infoblox NIOS Reporting. Note that NIOS version 8.5.0 or higher is required.

Security event updates for BloxOne Threat Defense (Business Cloud and Advanced).

The security events in CEF/LEEF will be updated, as follows:

The Severity field matches data in the reports.

Redirect policy action will be reported as “Redirect” (previously reported as “TCP Only").

BloxOne Threat Defense – June 19, 2020

New Features and Enhancements

Eight additional reporting widgets have been added to the original seven reporting widgets available on the Cloud Services Portal Dashboard page. 

The following reporting widgets have been added to the original reporting widgets:

• • Top Web Destinations
  • Top Blocked Web Destinations
  • Top Devices by Total DNS Activity
  • Configuration and Endpoints
  • Devices by Type
  • Top Detected Threats
  • Top Threat Feeds
  • Top Attackers 

BloxOne Threat Defense – May 30, 2020

New Features and Enhancements

Two new comprehensive reports, DNS Activity Report and Activity Security Report, are available to assist in monitoring traffic activity on your network.

The DNS Activity Report monitors all DNS activity on your network. The report consolidates the DNS Report, DNS Source Report, DNS Devices Report, and the DNS Users Report into one easily understandable, comprehensive report. Each individual report is also available for viewing. 

The Activity Security Report monitors all activity and security events occurring on your network. The report consolidates the Security Events Report, DNS Firewall Report, Web Content Report, Threat Insight Report, Devices Report, Users Report, and Sources Report into one easily understandable, comprehensive report. Each individual report is also available for viewing. 

TIDE – May 28, 2020

New Features and Enhancements

TIDE now supports searching for IPv6 and search queries for emails and checksums/hashes (MD5).

In addition to host, ip, url, threat type searches, TIDE now supports IPv6, email, and checksum/hash (MD5) searches. Email address records are known to be malicious.

BloxOne Threat Defense – May 11, 2020

New Features and Enhancements

The task of moving a BloxOne Endpoint to an Endpoint Group has been simplified and made more efficient.

Moving one or more BloxOne endpoints to an endpoint group can now be accomplished directly on the Endpoints page without having to edit the endpoint group configuration page. Changes to ATCAPI means that BloxOne Endpoint accommodates even more data. In the Cloud Services Portal, the ability to add an endpoint to a group on the Endpoints Groups page has been removed and replaced with a new Move Endpoints dialog box making the move process much more user-friendly and expeditious.

Customer-defined threat and confidence scores can now be applied to Custom and Threat Insight lists.

By assigning a customer-defined threat level and confidence score, the default threat level and confidence score can be overridden and the user-defined values applied instead.

BloxOne Threat Defense – May 8, 2020

New Features and Enhancements

Where an authoritative server includes CNAME RDATA, DNS domain, or subdomains requests not included in a feed, a block/redirect policy is applied.

When a DNS request is made for a domain or subdomain not included in a feed, if the upstream, authoritative server includes CNAME RDATA, then a block/redirect policy will be applied to the request.

BloxOne Threat Defense – April 21, 2020

New Features and Enhancements

New dark color scheme on the Cloud Services Portal enhances viewing experience in low-light environments.

Infoblox introduces a new dark color scheme on the Cloud Services Portal, which delivers an alternative viewing experience to users. Dark color scheme can be beneficial in low-light environments. You can switch between light mode and dark mode in User Preferences. 

Automatic upgrades on the on-prem hosts ensure that your hosts are secure and contain the latest updates in functionality.

Infoblox now automatically upgrades your on-prem hosts, physical or virtual, with new versions of services. This is implemented to ensure that your on-prem hosts are secure and contain the latest updates in functionality. Most of the updates happen in the background without any need to restart services or without any interference in the function of services deployed on the on-prem hosts. In some cases, there is the need for a service restart, which could interrupt those services for a few seconds. We understand that those few seconds at the wrong time of the day could affect your business. Therefore, we are adding the ability for you to schedule these updates to a specific time window during the week. The one-time update time will take into consideration the time zone set for the specific host. For example, setting an update window for Saturday from 6 to 10 a.m. would perform pending updates between 6 and 10 a.m. on Saturday CET in Berlin, EST in New York, and CST in Beijing. You can alternatively defer updates up to four weeks for the most critical times of the year.

Defining notification settings by user groups helps reduce the number of notification messages for specific users. 

You can now use user groups to define notification settings to reduce the number of notification messages users receive to a subset that is important to them. For example, you can configure for the administrator to receive account and host related notifications via e-mail, other users receive host and service notifications in-app only, while pager duty services could be used just for specific service notifications. You can also add additional text to e-mail notifications, for example, to identify next steps in resolution. 

Enabling multiple Cloud Data Connectors to receive data from a single NIOS Grid provides flexibility and improves performance during the transfers of log data.

If you use NIOS in connection with BloxOne, you can now leverage increased scalability of the Cloud Data Connector (CDC) service. Several CDCs can be set up to receive data from a single NIOS Grid, providing increased flexibility and performance in transferring your NIOS log data.

BloxOne Threat Defense – April 9, 2020

New Features and Enhancements

Infoblox InfoRanks data reports information for the most popular second-level domains (SLD) updated daily from aggregated data collected from multiple sources. 

The Infoblox InfoRanks list provides the most popular second-level domains (SLDs) updated each day from an aggregated dataset based on DNS records from various data sources. The process used to determine the rank for each domain includes count information in combination with statistical inference techniques to accurately estimate all second-level domains' true ranks over time. 

Dossier Usage Reports has been revamped to include License Summary information.

Dossier Usage Reports are available to administrators of BloxOne Threat Defense Business On-Premises, BloxOne Threat Defense Business Cloud, and BloxOne Threat Defense Advanced subscriptions. The reports display data for an organization’s or a team’s TIDE and Dossier usage. Three Dossier usage reports are available; License Summary, User Summary, and Transactions. 

BloxOne Threat Defense – April 6, 2020

New Features and Enhancements

Multiple data connectors can now be configured per NIOS grid.

Each member of NIOS grid master can be configured using multiple data connector when sending the DNS Query/Response logs and RPZ Logs.

BloxOne Threat Defense – February 25, 2020

New Features and Enhancements

Custom Lookalike Domain Monitoring allows users to detect potential lookalike domains targeting their domain.

This feature provides the power of the global lookalike domain feature to be targeted for specific critical domains for the user. You can now add the company's own domain, or domains frequently visited by or controlled by the organization in order to provide advanced warning of common attack vectors. With this, users can potentially avert unknown attacks, and prevent potentially 'brand-affecting" incidents. To use Custom Lookalike Domain Monitoring, a user supplied list of critical domains are compared against Infoblox's database of known registered domains to identify potential lookalike domains. If a detection does occur, you will be notified via the Cloud Services Portal and via email. Custom Lookalike Domain Monitoring is available for subscribers of BloxOne Threat Defense Advanced.

DNS over HTTPS (DoH) Solution comprises a suite of tools supporting security policy enforcement to prevent the bypass of your security policies to 3rd-party DoH servers. 

DNS over HTTPS (DoH) will soon be supported by all major browsers. While DoH offers privacy for some users, this may be at the expense of security best practices within an organization. Organizations wishing to provide security policy enforcement through DNS may wish to prevent the bypass of your security policies to 3rd-party DoH servers. This feature provides a threat intelligence feed called “Public-DoH” (public-doh.infoblox.local), which provides a negative response to “DoH Canary” domains (such as use-application-dns.net), which signals compliant browsers that DoH should not be used within the existing environment. The Infoblox DNS over HTTPS (DoH) Solution is available for subscribers of BloxOne Threat Defense Essentials, BloxOne Threat Defense Business On-Premises, BloxOne Threat Defense Business Cloud, and BloxOne Threat Defense Advanced.

The Infoblox DNS over HTTPS (DoH) Solution is comprised of the following items: 

• • Policy threat intelligence feeds for DoH: Provides the ability to control the DNS access method used to detect and mitigate threats by disabling DoH-based security policies. A threat intelligence feed containing canary domains is available to achieve this.
  • Enable DoH Feed in Cloud Services Portal: Makes the DoH feed available through the Cloud Service Portal UI.
  • DoH Policy feed for known DoH domains and IPs: Adds the DoH domain and IP feed data to TIDE. 
  • Dossier update of DoH domains/IPs: Provides the ability to review DoH-related domains and IPs within Dossier. 
  • RPZ creation for the policy domains: Provides a threat intelligence feed called “Public-DoH” (public-doh.infoblox.local), which provides a negative response to the “DoH Canary” domains (such as use-application-dns.net), which signals compliant browsers that DoH should not be used within the existing environment.

Data Connector Enhancements allows users to forward DNS Firewall logs data.

With this release, Data Connector has been enabled to forward DNS Firewall logs (RPZ logs) to Splunk and Infoblox Reporting. Data Connector is available for subscribers of BloxOne Threat Defense Business Cloud, Advanced and Security Ecosystem Business.

Threat Insight BloxOne Cloud Usage of TIDE Global Allow list.

With this release, any domain that is in the allow list is not added to the RPZ. This feature enhancement provides a dynamic allow list for TIDE, partially created from the user’s high impact domains that make up the TIDE global allow list. Using a dynamic allow list will prevent the list from going stale. Threat Insight BloxOne Cloud Usage of TIDE Global Allow List requires a subscription to Threat Defense Business Cloud or BloxOne Threat Defense Advanced and Threat Intelligence Data Exchange (TIDE).

Comprehensive Security Report provides data and statistics which can be exported to other security tools.

The Comprehensive Security Report purpose is to inform and familiarize the user with the data and statistics available when in BloxOne Threat Defense. From this report, you can determine what information is to be displayed in the Cloud Services Portal. Additionally, information from this report can be exported to your SIEM or integrated into other security tools. The Comprehensive Security Report is available to subscribers of BloxOne Threat Defense Business Cloud and BloxOne Threat Defense Advanced. The Comprehensive Security Report is unavailable for BloxOne Threat Defense Essentials or for BloxOne Threat Defense Business On-Premises subscribers.

Executive Summary Report provides data reporting for data exfiltration Activity and unauthorized web categories.

This Executive Summary Report enhancement adds two additional report types to the already available report: Data Exfiltration Activity and Access to Unauthorized Web Categories. The Data Exfiltration Activity report documents the unauthorized transfer of data from a computer. DNS threat analytics can detect and automatically block data exfiltration attempts via DNS, without the need for endpoint agents or additional network infrastructure. The target domains can originate from any geographic location. The Access to Unauthorized Web Categories report displays a breakdown of web activity to sites classified by the user as unauthorized by means of a content category. The Executive Summary Report is available to subscribers of BloxOne Threat Defense Business Cloud and BloxOne Threat Defense Advanced. The Executive Summary Report is unavailable for BloxOne Threat Defense Essentials or for BloxOne Threat Defense Business On-Premises subscribers.

BloxOne Threat Defense – January 14, 2020

BloxOne Threat Defense Cloud New Features and Enhancements

Replacing On-Prem Hosts

When you plan to replace an on-prem host with a new one, Infoblox now offers a “Replace” functionality to support zero-touch provisioning through the Cloud Services Portal. You can set up the new host and connect it to the Cloud Services Portal through zero-touch provisioning, while the old host is inactive. The replace function will automatically move the service configuration from the old host to the new one without the need to configure individual services. Services from the old host will be removed, and the host will be in the Pending state, which will require approval to rejoin the BloxOne Cloud.

Security Enhancement

BloxOne Cloud offers a security enhancement that allows you to disconnect problematic on-prem hosts due to misconfiguration or theft in the case of a physical host. You can disconnect the affected on-prem host from the BloxOne Cloud, which will stop all the services on the host. When you disconnect the host, it is no longer accessible from the cloud and is disconnected at the first reconnection to the internet. The on-prem host can be reconnected to the BloxOne Cloud only through a new zero-touch provisioning process, using a new token or a specific approval from the administrator in the case of a physical hosts.

Additional Diagnostic Tools

Infoblox has implemented additional diagnostic tools that administrators can use to get more visibility into individual on-prem hosts. Administrators can execute these tools on selected on-prem hosts and display the diagnostic results in a browser connected to the BloxOne Cloud, with the ability to download the results as well. The new diagnostic tools include the following: Traceroute, DNStest, Traffic Capture, NTP test, and the display of DNS and DHCP configuration file from the on-prem hosts.

Delivering RPZ Logs to On-Prem SIEMs

NIOS users who use the BloxOne Cloud can now benefit from an advanced Data Connector feature to deliver the RPZ logs to the on-prem SIEMs in CEF or LEEF format. They can also deliver the data to Splunk for reporting purposes in the CSV format.

Page Settings

The Cloud Services Portal now saves the last settings of a specific page, including filters and displayed columns. When you leave the page and log back in, the page will display information using the last configured filters and displayed columns. When necessary, you can reset the page configuration to default, which will remove the filters and restore to the default columns.

Notifications Enhancements

You can now integrate additional services, such as PageDuty and Webhooks, to receive notifications.

User Permissions Enhancements

This release expands user roles to include more granular permissions. For each user role, users can view all the supported permissions in the detailed panel to gain more visibility.

BloxOne Threat Defense – December 5, 2019

BloxOne Threat Defense Cloud Enhancement

User Experience Enhancement

This release of BloxOne Cloud introduces a modern, more dynamic, user experience. Main menus have been moved from the top of the screen to the left-hand side, where they can be expanded to show accordion-style, sub-menus or can be collapsed to display only individual icons when not in use. All workflows will remain unchanged.

Resources

This release of BloxOne Cloud introduces three new research and resource tools: Alexa Top, Default TTL (time-to-live), and Excluded Bogon List. Alexa Top is a tool that ranks the most popular sites on the Internet based on popularity. The default TTL list displays each threat class’s default time-to-live value. The Excluded Bogons List allows customers to view or edit lists of invalid IP ranges that may be used by malicious entities.

BloxOne Threat Defense – November 25, 2019 

BloxOne Threat Defense Cloud New Feature

Enabling and Disabling of Geolocation Support for Security Policies

This release of BloxOne Cloud provides the ability to enable or disable geolocation support on a per-policy (per-customer) basis when resolving DNS queries.

BloxOne Threat Defense – November 22, 2019

BloxOne Threat Defense Cloud Enhancement

Infoblox Eastern Europe and China Policy (EECN) Policy Zone Modification

As businesses and supply chains have evolved, we now find many customers have offices, business partners, and supply chains that extend into many of the European countries which are part of the European Union. To accommodate theses customers, the newly updated Eastern Europe and China Policy (EECN )policy zone now excludes those countries that are part of the European Union. The updated policy zone will now only include Belarus, China, Moldova, Russian Federation, and Turkey, countries who are not members of the European Union.

BloxOne Threat Defense – October 28, 2019

BloxOne Threat Defense Cloud New Features and Enhancements

Executive Summary Report

This release of BloxOne Cloud introduces the Executive Summary Report. The Executive summary report provides high-level, cyber-security information utilizing highly informative visuals and key metrics delivered in an easy to read and highly understandable format. The information contained within the executive summary report is typically used to report the state of the business and its cybersecurity efforts to other interests within the organization. Graphics and visuals generated within the report can be incorporated into other reports or can be included in PowerPoint and other presentations. 

Dashboard Update

This release of BloxOne Cloud introduces a new Cloud Services Portal Dashboard page. The updated dashboard displays new widgets and the ability to print the page/screen.

BloxOne Threat Defense – October 24, 2019

BloxOne Threat Defense Cloud New Features

DNS Forwarding Proxy Service Level Logging

This release of BloxOne Cloud provides DNS Forwarding Proxy service level logs when deploying standalone and DNS Forwarding Proxy and NIOS. DNS Forwarding Proxy service logs assist in managing operations and workflows.

Audit Log Viewing

Audit logs can now be viewed in BloxOne Cloud. When an administrator makes changes to a BloxOne Threat Defense Cloud configuration through the UI or API, the configuration changes are logged in the audit log. Logged configuration information includes the username of the person updating or modifying the configuration, the IP address from where the configuration changes originated, the object name or configuration option being changed, such as named lists, bypass lists, DNS forwarding proxy, internal domains, enabling and disabling of apps on an on-prem host, etc., and the new configuration values.

Custom List Improvements

When adding domains or IP addresses to a custom list, an additional description field for entries has been added.

Bypass List IPv6 Support

This release of BloxOne Cloud provides IPv6 address support for bypass internal domains lists.

Root Certificate for Bypass Codes and Blocked Page Relocation

The root certificate required when creating bypass codes for blocked pages has been relocated to the Downloads page under the Administration tab.

Scaling of Custom RPZ Feeds - Phase 2: Threat indicators

This release of BloxOne Cloud provides the option of creating a custom RPZ feed containing malicious threat indicators (domains and IP addresses) and wildcard rules for blocking threat indicators residing on subdomains. The custom RPZ feed is customer-generated and is limited to 10,000 or fewer records with an expiration TTL within the range of 1 to 30 days. The custom RPZ feed can be fetched using a preconfigured TSIG key in the account which works only with the associated custom zone.

Data Connector Enhancement

Enhanced traffic Flow Status and Syslog Destination

This release of Data Connector provides enhanced traffic flow status information and generic syslog destination including BloxOne Cloud. 

BloxOne Threat Defense – October 1, 2019

BloxOne Threat Defense Cloud New Features

• Role-based Access Control
  
  • This release of BloxOne Cloud provides improved access control for customers with introduction of user groups, roles, and permissions. Assigning individual users to different user groups will change the permissions for the user. To make this process easier, Infoblox provides a set of default user groups corresponding to the "Administrator" and "User" roles, and adds new user groups for BloxOne DDI Administrators, BloxOne TD Administrators, BloxOne DDI Users, BloxOne TD Users, and Account Management. To keep existing access for users, no action is necessary. Infoblox will automatically assign existing users to the Administrators and User user groups based on their current access.

• Managing Tags
  
  • For the purpose of easier grouping and identification of objects (such as hosts) within BloxOne Cloud, Infoblox is expanding the capabilities of tags to include “restricted” tag type in addition to the previously existing “free-form” tags. With restricted tags, users have to choose the tag value from a set of previously defined choices, whereas the free-form tags can either accept any text as a tag value or any text that corresponds to previously specified pattern.

• Troubleshooting Physical On-Prem Hosts
  • When an on-prem host is experiencing issues, troubleshooting problems can be accomplished using the Device UI. The Device UI displays a comprehensive view of the networking health for your on-prem host and can be used to perform corrective actions to address applicable issues.

• Notification Enhancements
  • In this release, the notification enhancements allow you to choose between pager duty or custom for notifications and use a custom SMTP server for receiving alerts and notifications. Other enhancements include the ability to enter a name for the notification service, the ability to enter a URL for the notification service, and the ability to define and test authenticity for the notification service.

• Host Type Display and Sorting
  
  • The Cloud Services Portal now displays the host type, and sorting based on host type is also supported.

Dossier Enhancement

• This release of Dossier includes additional threat information, including threat, confidence, and risk scores for reported threats. Using threat, confidence, and risk scores, more informed decisions can be made regarding potential threats impacting your network.

Data Connector New Feature

• Best Practices

This release of Data Connector introduces configuring and monitoring of threshold levels for Host CPU Usage, Host Disk, Usage, and Host Memory Usage. Threshold level notifications of events are reported via the Cloud Services Portal.

• Traffic Flow Health Status

This release of Data Connector introduces reporting of the end-to-end, health status and details for individually configured traffic flows. Details for individual traffic flows can now be viewed in the traffic flows Details pane.  

BloxOne Threat Defense – July 31, 2019

BloxOne Threat Defense Cloud New Features

• InfoBlox Cloud Data Connector
  • The Infoblox Data Connector is a utility designed to collect DNS query and response data and security logs from specified sources, and transfer the data to defined destinations such as the BloxOne Threat Defense Cloud, Infoblox NIOS reporting server, and supported SIEM (Security Information and Event Manager), such as Splunk, QRadar, EMS, and ArcSight.

• BloxOne Endpoint Bypass Mode
  
  • BloxOne Endpoint bypass mode has been streamlined, providing more control and increased security. By enabling BloxOne Endpoint bypass mode for a BloxOne Endpoint group, you can define your own domain and response for On-Prem DNS service protected by DNS Firewall. With deployed DFP appliances (in auto mode), a unique and hashed response using a probe token, detects if an endpoint is located in a protected environment. If the endpoint is in a protected environment, then the endpoint must adhere to the policies defined for the location.

• DNS Anycast support on DFP
  • Anycast describes a one-to-nearest communication between a single sender and the nearest recipient within a group. The routing protocol chooses one recipient within a target group based on the routing algorithm for the specific protocol, and sends data to that recipient only. DNS Anycast provides the following benefits: Improved Reliability, Load Distribution, and Improved Performance.

• Second Anycast IP address
  • For improved resilience, a second DNS Anycast IPv4 address, 103.80.5.100, is available for DNS server forwarding configuration when used with DNS Forwarding Proxy and BloxOne Endpoints.

• Activity Report
  • The Activity Report includes information about cloud and on-prem activities and provides powerful data visualization capabilities utilizing extensive filtering and search capabilities.

• Active Indicators
  • The Active Indicators search tool enables filter-based searches of threat indicators by data type, threat class/property, and data provider. The indicator data returned from a search is displayed on the Active Indicators page. The returned indicator search data can also be exported in CSV, JSON, and XML formats. Active Indicator data is also available through the API.

• Internal Domains
  • The"Bypass Domains" feature has been renamed "Internal Domains." The updated Internal Domains feature now supports multiple internal domains lists along with raising the maximum number of internal domain entries to 3,000 records (in total).

Data Connector New Feature

• InfoBlox Cloud Data Connector

This release of BloxOne Threat Defense Cloud introduces a new workflow that streamlines the Data Connector deployment process. In your hybrid cloud environment, you can deploy the Data Connector as a service on an on-prem host and connect it to BloxOne Threat Defense Cloud, so you can configure and manage the Data Connector through the Cloud Services Portal. You can deploy the Data Connector as a service on virtual machines in an infrastructure of your choice using the Docker or OVA package that Infoblox provides.

BloxOne Threat Defense – July 13, 2019

BloxOne Threat Defense Cloud New Features

• On-Prem Host Management
  • This release of BloxOne Threat Defense introduces a new workflow that streamlines the deployment of DNS forwarding proxies. The workflow uses a secure join token mechanism to authenticate and deploy virtual appliances that you configure in your VM environments.

• Notifications
  • The Cloud Services Portal now displays notifications for specific events, such as license expiration or CPU usage. Infoblox implements deduplication for notifications to prevent notification floods, which identifies identical notifications and sets a grace period to stop duplicated notifications before sending them again.

• Response Rate Limiting
  • Using Response Rate Limiting (RRL), the controlling of excessive UDP responses that are the same or similar can be accomplished through configuration of the DNS Forwarding Proxy.

BloxOne Threat Defense – June 15, 2019

BloxOne Threat Defense Cloud New Features

• Access to Dossier from within the Cloud Services Portal Security and Category Reports
  • When viewing the Security or the Category reports in The Cloud Service Portal, a Dossier threat report can be invoked  by selecting a threat indicator from the Hits tab and clicking on either the Query or Response information associated with the threat indicator. The Dossier report for the threat indicator will be displayed in a new browser tab.
    
    
• Scaling of threat intelligence through custom RPZ feeds
  
  • Custom RPZ feeds can now be configured and deployed by customers with malicious indicators scaled (domains and IPs) for smaller devices. 
    
    
• New infoblox BloxOne Threat Defense licensing and subscriptions
  
  • New information added describing the new Infoblox BloxOne^TM Threat Defense subscriptions: BloxOne^TM Threat Defense Essentials, BloxOne^TM Threat Defense Business On-Premises, BloxOne^TM Threat Defense Business Cloud, and BloxOne^TM Threat Defense Advanced.
    

BloxOne Threat Defense – May 8, 2019

TIDE Enhancements

TIDE Threat Data Filtering by Threat Score, Risk Score, and Confidence Score

TIDE now supports extended threat data filtering via the API based on score (numeric), score rating (qualitative), and vector score (vector string).

• Threat data filtered queries can be made for rating, score, and for a range of scores.

BloxOne Threat Defense – April 26, 2019

BlpxOne Threat Defense Cloud New Features

• Security Policy - Block-Bypass / Override

  • Users receiving a blocked DNS query when using BloxOne Threat Defense Cloud can retrieve a valid bypass code from their network administrator. Bypass codes override content filtering, granting temporary access to restricted web content.

• DNS Forwarding Proxy Fallback to a Local DNS Server
  •  If BloxOne Threat Defense Cloud is unreachable, the DNS Forwarding Proxy will fall back to the DNS resolver instead of the default DNS resolution path. Using DNS Forwarding Proxy fallback, remote offices can be protected even when BloxOne Threat Defense Cloud is unavailable.

BloxOne Threat Defense Cloud Enhancements

• Block/Redirect of Unknown and Uncategorized Domains
  • Unknown and uncategorized domains can now be blocked or redirected, preventing access to potentially harmful websites. Besides the default redirect page options, a custom redirect option is also available, allowing you to create and customize the redirect page as well as displaying contextual information and actions.

• On-Prem DNS Firewall TSIG Key SHA Format Support
  • BloxOne Threat Defense Cloud now supports HMAC-SHA256 256-bit encryption for generating on-prem DNS Firewall TSIG keys. You can choose between the current MD5 128-bit algorithm and the newly supported SHA256 256-bit encryption algorithm when configuring your feed distribution servers.

• UI/UX Enhancements to Security Policies Pages
  
  • The Cloud Service Portal security policies pages have a new look and feel through the adoption of a composite UI design framework, utilizing the current best practices in delivering high quality, user-centric experiences when interacting with the Security Policies, Custom Lists, and Category Filters pages.
    

• TIDE - Migrating Dossier Usage Data Pages to the Cloud Services Portal
  
  • The Dossier Metric Reports have been migrated from the TIDE platform to the Cloud Service Portal. The following three Dossier reports are available to account administrators:
    • Organizational Summary
    • User Summary
    • Transactions

• Tracking of Private BloxOne Endpoint IP Addresses through the Threat API
  
  • Tracking of BloxOne Endpoint private IP addresses, as well as public IP addresses, is now available via the BloxOne Threat Defense Cloud Threats API.

• Allow List Enhancements
  
  • The Threat Insight allow list now offers more refined internal governance in combination with more active curation and monitoring, resulting in far fewer false positives impacting your network operations.

BloxOne Threat Defense – March 13, 2019

TIDE Enhancements

TIDE Threat Data Filtering by CIDR range or CIDR ranges

TIDE now supports threat data filtering via the API by CIDR range and multiple CIDR ranges.

• Threats can be filtered by specifying a single CIDR range or by specifying Multiple CIDR ranges. Multiple CIDR ranges can be filtered using either a comma or an ampersand to separate multiple CIDR ranges in the API query. 

BloxOne Threat Defense Cloud – December 10, 2018

New Feature

• Inclusion of IP metadata
  • The inclusion of IP metadata (MAC address, Source IP, etc.) in BloxOne Threat Defense Cloud reports allowing for easier correlation of events.
    

BloxOne Threat Defense Cloud – December 3, 2018

New Feature

• Public API Expansion for BloxOne Threat Defense Cloud
  • Three additional public-facing APIs; Hostname, Tagging, and Audit Log are available for ATC. Each of the new API calls can be run via a Swagger page.

Enhancements

This release adds the following enhancements related to the Cloud Services Portal:

• Cloud Services Portal login and landing page redesign

  • The Cloud Service Portal login and landing pages have been completely revamped. The landing page now boasts a new, user-centric design focused on assisting the user in getting started with important tasks such as defining networks, creating custom lists, and configuring security policies. Important tasks are determined based on license entitlement and user role. The landing page also makes it easier for you to explore content and get questions answered on topics such as partner integrations, community resources, and receiving support.

• Cloud Services Platform navigation updates
  

  • An improved navigation structure utilizing current best practices complementing a new look and feel has been adopted for the Cloud Services Platform. The navigation changes have been implemented to better facilitate user productivity and user experience when interacting within the portal’s ecosystem by reorganizing and optimizing user workflows and categorizing system features into logical groups.
• UI changes include the following:

  • A newly redesigned Welcome page: The landing page now makes it easier for you to get started with important tasks, explore content, and get answers.

  • Relocation of features into logical work groups and workflows, enhancing productivity and usability and optimizing efficiency. For example, the introduction of the Policies tab to BloxOne Threat Defense Cloud and BloxOne On-Prem customers for items that were previously located under the Manage and Administration tabs.

  • The BloxOne DNS Forwarding Policy (DFP) Configuration page has been renamed On-Prem Hosts and relocated under the Manage tab.

  • The Analyze page’s left side panel has been reorganized into two sections: Research and Reports. Under Reports, DNS Requests, Security, Category, Data Exfiltration, Malware, and Command and Control reports can be found. Dossier and Threat Look Up are available in the Research section.

  • Under the Administration tab, a new Downloads page has been added. By consolidating all downloads and placing them on their own page, you can easily locate any download needed which greatly enhances the user experience. In the Downloads section, BloxOne Endpoint Download has been renamed to Endpoint Download, BloxOne DNS Forwarding Proxy to On-Prem Hosts, and Download Data Connector VM to Data Connector.
• New Cloud Services Portal site navigation

  • • • Many features within the portal’s ecosystem have been organized into logical workflows and workgroups. The following table lists the new navigation schema and the corresponding menu items residing under each tab.
        

        TAB	MENU ITEM
        Manage	On-Prem Hosts
        	External Networks
        	Endpoints
        	Bypassed Domains
        	TI Data Exchange
        Policies	Security Policies
        	Redirect
        	On-Prem DNS Firewall
        Analyze	DNS Requests
        	Security
        	Category
        	Data Exfiltration
        	Malware
        	Command and Control
        	Dossier
        	Threat Lookup
        Administration	License Entitlements
        	Users
        	Alerts
        	User Audit Logs
        	DNS Response Logs
        	Data Connectors
        	Downloads
        	Support

• S3 bucket support for multiple data formats
  • With enhanced S3 bucket support, you can now convert file formats from Parquet to CEF, JSON, and CSV based on their own requirements when pulling data directly into their systems

TIDE – October 17, 2018

Enhancements

TIDE data can now be requested through the API without headers and using a custom delimiter or delimiters.

• Data Request without Headers 
  TIDE data may now be requested without headers through the API. When requesting data without headers, the following values will not be returned: id, batch_id, class, detected, ip, url, hostname, property, threat_level, and header text.
• Data Request using a Custom Delimiter
  A custom delimiter, or delimiters, may now be used when requesting TIDE data using the API. IPs, Hostnames, and URLs can all be retrieved using a custom delimiter.

BloxOne Threat Defense Cloud – September 5, 2018

Enhancements

• Dossier Bulk API
  • Dossier Bulk API calls are now supported. Using the Dossier Bulk API call, it is possible to make calls containing multiple indicators at the same time. With this release, up to 100 indicators may be submitted per call. It is no longer necessary to make each indicator call separately. This enhancement is available for Cloud and On-Prem customers.
• Dossier Export to PDF
  • Dossier reports may now be exported to PDF for download.
• Policy Precedence
  • As part of ATC’s policy precedence, Custom Lists and Category Filters have been relocated under Security Policies (Manage -> Security Policies), where each is available under its respective tab.
• Threat Insight Reports
  • Threat Insight reports have been restructured using a tabular format promoting better usability and easier access to information. The three Threat Insight reports, ‘Malware’, ‘Command and Control’, and ‘Data Exfiltration’, are each available under their own separate tabs along with the specific report’s details. This enhancement is available to Cloud and On-Prem customers.
• IP Address Configuration for Infoblox Threat Intelligence Feeds
  • When configuring your Infoblox Threat Intelligence RPZ feeds, IPv6 addresses can now be used when setting up the feeds distribution server and the feeds notification server. This enhancement is available to Cloud and On-Prem customers.
• New Feeds
  • New feeds are available to Cloud and On-Prem customers, depending on your subscription level. The new feeds are as follows:
    • Cryptocurrency Feed
      • This feed identifies threats allowing malicious actors to perform illegal and/or fraudulent activities allowing cryptocurrency mining to occur without the site user’s consent. This feed identifies malicious or unauthorized use of resources, including coinhive, which can be embedded into a site owner’s web pages to lie cryptocurrency with the visitor’s permission as an alternative to web banner advertising; cryptojacking, where malicious actors use in-browser mining without the victim’s consent; and cryptocurrency mining pools working together to mine cryptocurrency. The Cryptocurrency feed is available at the Plus and Advanced subscription levels.
    • Spambot DNSBL IP Feed
      • In DNSBL format, this feed contains IPs of known spam servers. The Spambot DNSBL IP feed enables protection against computers or bot nodes acting as part of a botnet by sending out spam. This feed can be used to assist in blocking incoming spam and other potentially malicious emails from known spam sources by feeding into your email platform or appliance. The Spambot DNSBL IP feed is available at the Advanced subscription level.
    • NCCIC Host & IP Feeds
      • DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is a 24×7 cyber situational awareness, incident response, and management center that serves as the hub of information sharing activities among public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations. Indicators contained in this feed appear on the watchlist from the National Cybersecurity & Communications Integration Center (NCCIC) and are not verified or validated by DHS or Infoblox. The NCCIC Host & NCCIC IP feeds are available at the Standard, Plus, and Advanced subscription levels.

Dossier – September 5, 2018

Enhancement

• Dossier Bulk API
  Dossier Bulk API calls are now supported. Using the Dossier Bulk API call, it is possible to make calls containing multiple indicators at the same time. With this release, up to 100 indicators may be looked up per call. It is no longer necessary to make each indicator call separately. This enhancement is available for Cloud and On-Prem customers.

BloxOne Threat Defense Cloud – July 31, 2018

New Features

• BloxOne Endpoint Groups
  • When applying security policies to multiple BloxOne Endpoint devices, you can make the process more efficient by organizing the endpoint devices into BloxOne Endpoint groups. You can then add the endpoint groups to the network scope when you configure a security policy. Note that BloxOne Threat Defense Cloud comes with a default endpoint group called All BloxOne Endpoints (default) that is associated with the default global policy.
• Precedence Ranking and Rule Actions for Security Policies
  • This release of BloxOne Threat Defense Cloud gives you the ability to configure precedence ranking and rule actions for your security rules based on your business requirements. When you configure security policies, you can now add any configured BloxOne Endpoint groups to the network scope. You can also define the precedence order for the custom lists and category filters you add to the security policy as well as overriding the precedence ranking for the threat intelligence feeds and Threat Insight rules that are inherited from the default global policy. Depending on your business needs, you can also define specific actions for all the rules in your security policy.

TIDE – July 10, 2018

Enhancement

TIDE Metric Reports

The following additional information is now available when running TIDE metric reports:

• • Dossier Report
    The Dossier Org Summary report and Dossier User Summary report will bring back the following additional information: Organization Name, Party Number, MDM Party ID, and Storage ID. The Dossier Transactions report will bring back the following additional information: Organization Name.
  • Login Report
    The Login User Summary report and Login History report will bring back the following additional information: Organization Name.

BloxOne Threat Defense Cloud – June 29, 2018

New Feature

• DNS over TLS (Transport Layer Security)
  • BloxOne Threat Defense Cloud now runs DNS over TLS for communication between clients (including the latest versions of the BloxOne Endpoint and the DNS Forwarding Proxy) and its cloud infrastructure. DNS over TLS is an IETF standard and provides full-stream encryption that makes your DNS service more resistant to certain types of attacks. It also allows BloxOne Threat Defense Cloud to use just TCP port 443 for communication, which simplifies your setup and provides you with a better out-of-the-box experience.

BloxOne Threat Defense Cloud – June 19, 2018

New Features

• Support for CSV Export
  • This release supports exporting data to CSV format. You can export data to CSV files for the following functions: Security Report, Category Report, Data Connectors, Portal Users, and License Entitlements.

Dossier – May 23, 2018

New Feature

• Dossier 2.0 (early release)
  Dossier 2.0 has been redesigned and re-engineered from the ground up to provide a more powerful set of threat research and analysis tools, making the threat research experience faster, easier, and more effective. Dossier 2.0 resides within the Cloud Services Portal, meaning you are no longer redirected away from the Cloud Services Portal when using Dossier’s threat intelligence tools.

BloxOne Threat Defense Cloud – May 23, 2018

New Features

• BloxOne Dossier 2.0 (early release)
  • Dossier 2.0 has been redesigned and re-engineered from the ground up to provide a more powerful set of threat research and analysis tools, making the threat research experience faster, easier, and more effective. Dossier 2.0 resides within the Cloud Services Portal, meaning that you are no longer redirected away from the Cloud Services Portal when using Dossier’s threat intelligence tools.

• Detection for Dictionary DGAs
  • This release adds the detection for Dictionary DGA domains. Dictionary DGA detection uses lexical analysis to detect domains based on wordlists. Dictionary DGA has been used by malware families, including Suppobox and Matsnu.

TIDE – May 23, 2018

New Feature

• Lookalike Domains
  This release of TIDE supports the search for lookalike domains through TIDE API calls or the TIDE UI. Lookalike domains are domains that are found to be visually similar (look-alike) with other domains. These domains are composed using methods such as replacing letters with visually confusion ones (e.g. o to 0, l to 1, w to vv), switching to different top-level domains (e.g. .com to .cc), among others. These domains are often found in cyber attacks seeking brandjacking, traffic redirection, and phishing.

BloxOne Threat Defense Cloud – May 17, 2018

New Feature

• BloxOne Endpoint Deployment through McAfee ePolicy Orchestrator
  • If you are using McAfee ePO (ePolicy Orchestrator) to manage your endpoint software, you can now integrate BloxOne Endpoint and subsequently install it on your endpoint devices to redirect DNS traffic to BloxOne Threat Defense Cloud.

BloxOne Threat Defense Cloud – May 9, 2018

New Feature

• Response Log Export
  • BloxOne Threat Defense Cloud provides DNS response logs that help you troubleshoot and analyze your network security. You can export these logs to a dedicated Amazon S3 bucket. BloxOne Threat Defense Cloud currently supports the following log types: DNS queries and responses, RPZ (Response Policy Zones) hits, and IPAM metadata.

TIDE – May 1, 2018

New Feature

• Organization Admin User Management
  A new OrgAdmin user management role is now available in TIDE. The OrgAdmin role can create, edit, deactivate, and re-activate users within an organization. The OrgAdmin role can also reset other users’ passwords within the organization. With the introduction of the OrgAdmin user role, it is now possible for organizations to manage their own organization’s users in the way that best suits the needs of the organization.

BloxOne Threat Defense Cloud – March 28, 2018

New Features

• BloxOne Threat Defense Cloud API for Custom Lists
  • In this release, you can use the BloxOne Threat Defense Cloud API to perform bulk operations for custom lists, such as viewing, creating, modifying, and deleting custom list objects and custom list items using HTTP methods.
• Category Filters
  • Category filters are content categorization rules that BloxOne Threat Defense Cloud uses to detect and filter internet content. Based on your needs and configuration, you can apply specific actions, such as Allow, Block, Log, and Redirect, to the filtered content.
• Custom Redirect Destinations
  • You can now create custom redirect destinations to redirect traffic to custom pages or integrate BloxOne Threat Defense Cloud with third-party proxies, secure web gateways, blackholes, honeypots or sinkhole solutions. BloxOne Threat Defense Cloud allows you to configure up to five custom redirect actions for your security policies.

BloxOne Threat Defense Cloud – February 8, 2018

New Feature

• Dual Stack Support for BloxOne Endpoint
  • BloxOne Endpoint supports dual-stack IPv4 and IPv6 DNS configurations, thereby protecting all devices regardless of their network environments. BloxOne Endpoint in a dual-stack environment is able to proxy IPv6 DNS queries and forward them to BloxOne Threat Defense Cloud over IPv4. Note that BloxOne Endpoint does not support an IPv6-only environment.

BloxOne Threat Defense Cloud – January 17, 2018

New Feature

• Security Report
  • This release introduces a new Security Report that provides a comprehensive filterable and searchable view of threats detected by BloxOne Threat Defense Cloud. This report allows you to quickly identify and mitigate malware infection and other malicious activities on your network. The default Hits tab of the report shows a list of all threat hits detected by BloxOne Threat Defense Cloud within the selected time period and a graphical view of hit activities over time. The other tabs show views of the threat activities aggregated by devices, users, networks, threat classes, or properties. This allows you to identify the types of threats that are affecting your network and the devices and users that are impacted for rapid investigation and mitigation.

BloxOne Threat Defense Cloud – December 19, 2017

New Feature

• Threats API
  • This release introduces the Threats API that allows you to make RESTful API calls to gather DNS security data from BloxOne Threat Defense Cloud for SIEM (Security Information and Event Management) purposes. Based on your business needs, you can configure a SIEM system in your network to collect the DNS security data so you can filter the data and create custom reports.

BloxOne Threat Defense Cloud – September 12, 2017

New Feature

• Support for Custom Message for Redirect Page
  • This release adds support for creating custom messages when BloxOne Threat Defense Cloud blocks malicious domains based on your security policies. When blocking users from accessing malicious domains, you can now redirect them to a page that delivers a default message about the action, use a redirect page of your own, or customize the redirect message.

BloxOne Threat Defense Cloud – August 07, 2017

New Feature

• Detection for Domain Generation Algorithm (DGA) Activities
  • This release adds the detection for DGA activities, a scheme used by malware for domain fluxing. DGAs are algorithms used to generate variations of a given domain name. They can be used to create a large number of domain names used as rendezvous points with command and control servers, in an attempt to evade detection by signature filters, block lists, reputation systems, security gateways, intrusion prevention systems, and other security methods. An infected system could create thousands of domain names and would attempt to contact a portion of these to receive updates or commands. BloxOne Threat Defense Cloud tracks DGA activities and displays the affected devices in the Command & Control report. You can also add a default custom list to your security policies for detecting DGA activities.

BloxOne Threat Defense Cloud – July 19, 2017

New Feature

• Detection for Fast Flux Activities
  • This release adds the detection for Fast Flux activities. Fast Flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind a network of compromised hosts acting as proxies. It can also be a combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection used to make malware networks more resistant to discovery. BloxOne Threat Defense Cloud tracks Fast Flux activities and displays the affected devices in the Command & Control report. You can also add a default custom list to your security policies for detecting Fast Flux activities.

BloxOne Threat Defense Cloud – July 17, 2017

Enhancement

• DNS Forwarding Proxy
  • This release enhances the OVA deployment to support using ESXi time synchronization by default. In the event that this option is disabled during OVA deployment, the DNS Forwarding Proxy will use the following NTP servers: ntp.ubuntu.com and ubuntu.pool.ntp.org. You must open the UDP 123 port for the NTP servers.

BloxOne Threat Defense Cloud – June 14, 2017

New Features

• DNS Forwarding Proxy
  • BloxOne Threat Defense Cloud is a SaaS offering designed to provide protection to devices on and off-premises, including roaming, remote, and branch offices. It provides visibility into infected and compromised devices, prevents DNS-based data exfiltration, and automatically stops device communications with command-and-control servers (C&Cs) and botnets, in addition to providing recursive DNS services in the cloud. You can access the services by deploying the BloxOne Endpoint agent or the DNS forwarding proxy. For remote office deployments or in cases where installing an endpoint agent is not desirable or possible, you can use the DNS forwarding proxy. It is a software that runs on bare-metal or VM infrastructures and embeds the client IPs in DNS queries before forwarding them to BloxOne Threat Defense Cloud. The communications are encrypted and client visibility is maintained. The proxy also provides DNS resolution to local DNS zones when you configure local resolvers. Once you set up a DNS forwarding proxy, it becomes the main DNS server for your remote site. It will also cache responses to speed resolution of future queries. Infoblox provides two installation methods: Docker container and the OVA file. You can install the DNS forwarding proxy using either one of the methods.
• Deploying BloxOne Endpoint for Multiple Users
  • You can now deploy BloxOne Endpoint on multiple users instantaneously and more effectively by using a Group Policy Object (GPO) for Microsoft Windows users or the Apple Remote Desktop (ARD) for Apple users. Once you deploy BloxOne Endpoint for your remote users, they no longer need to manually register in order to protect their devices–this applies to single user deployments as well.
• Detection for the DNSMessenger Malware
  • In addition to other DNS tunneling activities, BloxOne Threat Defense Cloud can now detect DNSMessenger malware activities. DNSMessenger is a Remote Access Trojan (RAT) that attackers use to conduct malicious Powershell commands on compromised devices. DNSMessenger uses DNS record queries and responses to create a bidirectional C&C channel that allows the submission of Powershell commands to infected devices and the return of responses back to the attackers. BloxOne Threat Defense Cloud tracks these malware activities and displays malicious devices in the Malware report.

Enhancements

• BloxOne Endpoint automatic bypass upon detection of DNS Forwarding Proxy
  • If a system on which you have installed BloxOne Endpoint is connected to a corporate network that is protected by a DNS Forwarding Proxy, BloxOne Endpoint will automatically enter bypass mode and all DNS traffic will be sent to the locally configured DNS resolvers. The DNS Forwarding Proxy then sends the requests to BloxOne Threat Defense Cloud. This feature ensures DNS queries traverse the corporate DNS infrastructure when the client is on the corporate network, but provides protection via the BloxOne Endpoint when the client is roaming.
• Reports
  • If you have DNS forwarding proxies configured for your BloxOne infrastructure, you can filter applicable reports by specific DNS forwarding proxies. The new Malware report lists the devices that have the most malware activities caused by DNSMessenger malware, so you can examine the data and take appropriate actions to secure your network.
• Security Policies
  • When configuring security policies, you can now select the “Log” action, which grants the “Allow” action to traffic and logs the queries to all relevant reports.