This topic includes new features and enhancements for Infoblox Threat Defense. You can view information about other enhancements and maintenance for Infoblox SaaS products and services in the Infoblox SaaS Release Notes.

Infoblox Threat Defense – February 28, 2025

Infoblox Threat Defense introduces an enhanced license dashboard with utilization metrics and trending.

The new Threat Defense Licensing Dashboard offers an in-depth overview of Threat Defense entitlements and utilization. It is designed to provide insights into trends associated with key licensing metrics, including Queries per User, Dossier™ Queries, and Ecosystem Events. For more information, see Viewing License Entitlements.

Infoblox Threat Defense – February 20, 2025

Infoblox Threat Defense introduces enhancements to the Executive Summary Report and Comprehensive Security Report.

These enhancements provide more comprehensive, actionable information and improved usability to support security teams in making informed decisions. Key enhancements include the following: A streamlined layout with a redesigned single-view summary presenting overall security statistics at a glance; improved highlighting of key traffic items that emphasizes critical customer traffic across all modules of Threat Defense; and dynamic DNS traffic anomaly detection of traffic patterns utilizing mean deviation analysis to highlight irregularities over the report period.

The enhanced Executive Summary and Comprehensive Security Reports are available to Threat Defense Business Cloud and Advanced licensed users. For information, see Summary Reports.

Infoblox Threat Defense – February 13, 2025

Infoblox Threat Defense introduces the Industry Vertical Analysis feature, allowing organizations to benchmark their security posture against peers within the same industry.

Infoblox Threat Defense introduces the Industry Vertical Analysis feature, allowing organizations to benchmark their security posture against peers within the same industry. This new feature analyzes DNS traffic and security events across key categories, including:

Malicious Threats
Risky Threats
Threat Insights
Threat Actors
Zero Day Detection

By comparing your security stance with industry peers and all Infoblox customers, this feature provides actionable insights to fine tune security policies and enhance your overall threat defense strategy. The analysis is based on the industry registered to your Infoblox account and presents data from three perspectives:

Customer-Specific – Your organization’s unique security metrics
Peers from the Same Industry Vertical – Comparative insights within your sector
All Customers – Broader trends across all Infoblox users

This feature is available to Business Cloud and Advanced licensed users. To access the report, navigate to Monitor > Reports > Security > Industry Vertical Analysis.

For more information, see Industry Vertical Analysis.

Infoblox Threat Defense – January 31, 2025

Infoblox Threat Defense application filtering now includes two new generative AI chatbots: DeepSeek and Qwen.

You can track the usage of these newly added chatbots by navigating to (Monitor > Reports > Security > Application Discovery) under the Applications - Generative AI category.

Using application filters, you can assign an application a status of Approved or Unapproved based on whether Application Discovery indicates it is safe or unsafe. An application’s status can be revised and updated at any time.

For information, see Creating Application Filters.

Infoblox Threat Defense – January 24, 2025

Infoblox Endpoint has released an updated version of its endpoint app for Android devices, now available on the Google Play Store.

The latest update addresses minor issues when used with Android 14 devices. For information, see Managing Mobile Endpoint.

Infoblox Threat Defense – January 24, 2025

Infoblox Endpoint has released an updated version of its endpoint app for Android devices, now available on the Google Play Store.

The latest update addresses minor issues when used with Android 14 devices. For information, see Managing Mobile Endpoint.

Infoblox Threat Defense – January 13, 2025

Infoblox introduces an event selection field option for SOC Insights logs exported to Data Connector.

This update features a new traffic flow widget in Data Connector, enabling users to select SOC Insights fields for HTTP destinations in non-DNS logs. For information, see Creating Traffic Flows and Log Source Configuration Export Options.

For more information, see Creating Traffic Flows and Log Source Configuration Export Options.

Infoblox Threat Defense – January 8, 2025

Infoblox has planned a deployment for additional security mechanisms on Thursday, January 23 at 6 PM PST to protect the Infoblox Portal.

Infoblox is deploying additional security mechanisms to protect the Infoblox Portal. During the deployment update on Thursday, January 23rd at 6 PM PST, the Infoblox Portal will remain available, and core services are unlikely to be impacted.

Infoblox Threat Defense – December 11, 2024

Infoblox now provides a new configuration landing page showing data for key services based on entitlement.

When users log on to the Infoblox Portal, the configuration landing page displays data for key services based on license entitlements.

The Infoblox Portal now displays the “What’s New” content in a new modal dialog.

This new dialog can be hidden by selecting the “Do not show me again” checkbox.

Infoblox Threat Defense – December 10, 2024

Infoblox bare-metal deployment now supports Red Hat version 9.5.

For more information, see Bare-Metal Deployment.

Infoblox Threat Defense – November 25, 2024

Infoblox Threat Defense introduces a feedback loop for Threat Intelligence (TI) Detectors.

This feature enables users to activate, deactivate, and remove TI domains from their custom lists. For information, see Custom Lists.

Infoblox Threat Defense adds Unicode support for custom lists and internal domain lists.

This enhancement allows users to input domains using Unicode characters in both custom lists and internal domain lists. For information, see Creating Custom Lists and Creating an Internal Domain.

Infoblox Threat Defense – November 22, 2024

Infoblox Threat Defense enhances the Application Discovery feature to improve the detection and blocking of generative AI applications.

Infoblox is excited to announce significant enhancements to our Application Discovery feature within Threat Defense Advanced, now with improved capabilities to detect and block applications used for generative AI. Recognizing the high risk of data loss associated with unmanaged generative AI, these updates are designed to provide organizations with additional protection. The new functionality distinguishes between consumer and enterprise versions of select generative AI applications, allowing for approved use while blocking unmanaged consumer versions. This update helps you leverage the benefits of generative AI securely and efficiently.

These enhancements underscore Infoblox’s commitment to continuous innovation and delivering increased value to our customers. By integrating these advanced detection and blocking capabilities, organizations can mitigate the risks associated with shadow IT and data exfiltration, ensuring compliance and enhancing overall security posture. Customers will benefit from improved visibility and control over application usage, empowering them to make informed decisions and maintain a secure, compliant environment. You can find these detections in the Infoblox Platform (Monitor > Reports > Security > Application Discovery), under the Applications - Generative AI category. This category was previously named AI Chatbots. For information, see Creating Application Filters.

Infoblox Threat Defense – November 14, 2024

Infoblox Endpoint version 2.4.20 is now available for Windows and macOS.

This update introduces support for macOS Sequoia 15.0.1 and above, along with stability improvements and fixes for minor issues on both Windows and macOS. Customers planning to upgrade their macOS to version 15 should follow these steps:

Test the upgrade on a small number of Mac computers first, rather than upgrading all machines at once.:Test the upgrade on a small number of Mac computers first, rather than upgrading all machines at once.
For Macs with Infoblox Endpoints, upgrade a few computers initially, monitor for any issues, and only proceed with upgrading the remaining devices if no problems are detected.

For more information about Infoblox Endpoint, see Managing Endpoint.

Infoblox Threat Defense – November 8, 2024

Infoblox Dossier now treats DNS lame delegation as a vulnerability.

Lame delegation occurs when one or more delegated nameservers fail to provide authoritative DNS information. When a lame delegation is detected on the queried domain, Dossier highlights this vulnerability along with the level at which this was detected, allowing customers to take appropriate action on the affected domain and nameserver.

For information, see Dossier Summary Report.

Infoblox Threat Defense – October 21, 2024

Infoblox now allows users to change the default password for the Device UI when configuring NIOS-X physical servers. This can be done through the Infoblox Portal, Device UI, or Debug CLI.

When deploying NIOS-X servers, Infoblox initially uses a default username and password for accessing the Device UI. Users can now change this default password via the Infoblox Portal, Device UI, or Debug CLI. Once changed, the new password will be synchronized across the console and Device UI, allowing for SSH and HTTPS access.

Infoblox Threat Defense – October 18, 2024

Infoblox Dossier now features streamlined false-positive reporting.

The Infoblox Dossier feedback functionality has been updated to direct critical and blocking issues to the Support Portal for ticket creation and to the Infoblox support team for assistance with Service-Level Agreement (SLA) compliance. This functionality allows users to submit feedback on the following indicators: False Positive, False Negative, and Content Categorization.

For information, see Dossier Threat Research Feedback.

Infoblox Threat Defense – September 24, 2024

Data Connector introduces HTTP Destination support for Microsoft Sentinel.

This enhancement facilitates the setup of Microsoft Sentinel as a destination in the Infoblox Platform. For more information, see Data Connector.

New Infoblox Portal – September 05, 2024

Infoblox is pleased to announce a significant update to the Infoblox Portal featuring a modern UX refresh designed to enhance your experience and productivity. (UI updates will be available for the EU Region users in October).

Watch the video guide to the new Infoblox Portal.

This update introduces:

Optimized Navigation Experience: Our redesigned interface offers more intuitive and seamless navigation, allowing you to find what you need faster and more efficiently through the following enhancements.

Bespoke Lifecycles:
- Monitoring lifecycle: This lifecycle focuses on providing business visibility through custom asset, security, and networking monitor Workspaces. These workspaces are tailored to deliver real-time insights and visualizations, helping you keep a close eye on critical metrics and system health.
- Configuration lifecycle: Optimized to configure and deliver network services efficiently, this lifecycle follows best practices to ensure smooth and effective network management. It simplifies complex configurations, making deploying and managing network services easier.
Improved Navigation Flows: Core task focus areas such as Security, Network, and Administration are now more logically grouped. This logical grouping streamlines your workflow, making accessing the tools and information you need easier without unnecessary clicks or searches.
Industry-Standard Layouts: User Profile options, Account selection, and Notifications have been redesigned to align with industry standards. This redesign enhances usability and consistency across the portal, providing a familiar and user-friendly experience.

Enhanced Server and Service Deployment Management Workflows:

Universal DDI Offering: Introducing NIOS-X As-a-Service, a fully managed deployment solution that enables network protocol service delivery without the need for infrastructure investments. This new deployment type simplifies the process of delivering network services, allowing you to focus on your core business activities.
Dedicated Servers Section: Users of traditional services will now find virtual and physical hosts under a dedicated Servers section. This section includes our next-generation NIOS-X servers (formerly BloxOne) and our industry-leading NIOS solution, providing a comprehensive view of your deployment infrastructure.
Manage NIOS with Universal DDI: Single pane of glass management of NIOS Grids and Members directly within the Infoblox Portal

Increased Visibility to Critical Metrics:

Stay informed on key performance indicators with our new dashboards and KPIs, designed to provide clear and actionable insights:

Custom Workspaces: Workspaces for Assets, Security, and Networking feature custom-designed monitors crafted by our industry experts. These monitors deliver out-of-the-box real-time visualizations of critical metric summaries, allowing users to quickly assess the health of their networking and security environment. With these insights, you can take immediate action without waiting for reports or updates.
Business KPI Ribbon: A new Business KPI ribbon provides line-of-sight visibility into critical success metrics. This feature allows users to quickly understand the positive impact of the Infoblox market-leading DDI solution in securing critical business assets, providing 24x7 highly scalable network services, and offering centralized management across both cloud and on-premises deployments.

Provide Tailored User Access with Access Views

Access Views enables users to set custom fine-grained access rules for specified users or groups and associated DDI resources.

Infoblox Endpoint releases version 2.4.16 for Windows and macOS

This release addresses an issue with statically assigned DNS servers on network interfaces. For more information about Infoblox Endpoint, see Managing Endpoint.

BloxOne Threat Defense – August 29, 2024

Data Connector introduces BloxOne Cloud-to-Cloud SIEMs, emphasizing fully managed services with seamless integrations with third-party SaaS services.

Key enhancements in this release:

Facilitates the setup of a Syslog destination in BloxOne Cloud.
Facilitates the setup of automations in BloxOne Cloud.
Facilitates the setup of an HTTP Destination in BloxOne Cloud.

For more information, see Data Connector and Infoblox Ecosystem.

Infoblox Ecosystem now offers support for automation integrations running in BloxOne Cloud, enabling the automation of Cloud-to-Cloud workflows.

Users have the ability to configure automated workflows, with service instance options specifically for setting up cloud-to-cloud flows. For more information, see Data Connector and Infoblox Ecosystem.

BloxOne Threat Defense – August 19, 2024

To enhance Threat Defense services, Infoblox has launched a new second-level infobloxtd.com domain along with additional IP addresses, 103.80.6.120 and 52.119.41.120.

Infoblox strongly recommends that all customers update their network configuration to enable access to the new IP addresses, the second-level domain, and all its subdomains. Infoblox plans to launch services utilizing these IP addresses and hostnames under infobloxtd.com by mid-September 2024.

Data Connector introduces additional event field options for Atlas Notification settings.

This update introduces a refined traffic flow widget in the Cloud Services Portal that allows users to choose subtypes and event fields seamlessly. For information, see Creating Traffic Flows.

BloxOne Threat Defense – August 14, 2024

Data Connector introduces additional event field options for Audit Log settings.

This update introduces a refined traffic flow widget in the Cloud Services Portal that allows users to choose subtypes and event fields seamlessly. For information, see Creating Traffic Flows.

BloxOne Threat Defense – August 5, 2024

Infoblox launches the Infoblox Ecosystem Program.

This program includes a self-service portal, offering certified, out-of-the-box integrations with leading technology providers. The program is powered by Automations, an event-driven automation framework designed to streamline integration development. These integrations have undergone rigorous testing and validation to ensure compatibility and support by Infoblox. The program aims to help NetOps and SecOps teams automate workflows, enhance security, and improve collaboration across on-premises, hybrid, and multi-cloud environments. For information, see Ecosystem Portal.

BloxOne Threat Defense – August 2, 2024

Data Connector now supports sending logs to an HTTP destination in Splunk CIM data format.

When configuring a Data Connector traffic flow, you now have the option to choose Splunk CIM as the log message format when you configure HTTP as the destination. For information, see Setting Up HTTP.

BloxOne Threat Defense releases BloxOne Mobile Endpoint for iOS without VPN dependency.

To improve compatibility with VPN solutions, including on-demand VPN, BloxOne Mobile Endpoint for iOS will be able to use the iOS native DNS proxy framework to intercept all DNS traffic. Requirements: iOS/iPadOS 14.x and later, deployment by an MDM.For more information about BloxOne Mobile Endpoint, see Managing BloxOne Mobile Endpoint.

BloxOne Threat Defense – August 1, 2024

Infoblox introduces event selection field options for BloxOne Threat Defense DNS Query/Response log, BloxOne Threat Defense Policy Hits log, BloxOne DDI DNS Query/Response log, and Service Logs exported by Data Connector.

This update introduces a refined traffic flow widget in the Cloud Services Portal that allows users to choose subtypes and event fields seamlessly. For information, see Creating Traffic Flows and Event Field Logs.

BloxOne Threat Defense – July 26, 2024

BloxOne Endpoint releases version 1.0.9 for Linux Ubuntu 22

This release includes stability improvements. For more information about BloxOne Endpoint, see Managing Endpoint.

BloxOne Threat Defense – July 24, 2024

To enhance security, the host API keys have been deprecated. However, users can still access the BloxOne APIs using the service API keys.

For information about service API keys, see Configuring Service API Keys.

BloxOne Threat Defense – July 23, 2024

BloxOne Endpoint releases version 2.4.10 for Windows and macOS.

This release includes stability improvements and resolves minor issues. For more information about BloxOne Endpoint, see Managing Endpoint.

BloxOne Threat Defense – July 12, 2024

BloxOne introduces tagging enhancements that restrict tag values displayed during tag addition, application, and filtering to those currently assigned to objects. Additionally, predefined tag values can now be defined through restricted tags, instead of freeform tags. To explicitly add values to a freeform tag, convert the tag to a restricted tag first.

For more information, see Managing Tags.

BloxOne Threat Defense – June 21, 2024

BloxOne enhances the performance and usability of Global Search on the Cloud Services Portal, making it easier and faster for users to find what they need.

Global search includes the following enhancements:

Users can now start a search by pressing the Enter key after entering key words.
Quick results will display the top three relevant results.
Users will see two groups of results: one for Exact Matches and the other for Related Results.
Exact match results will appear within a second.
Related results will be visible within a few seconds.

BloxOne Threat Defense – May 27, 2024

BloxOne Endpoint releases version 2.4.9 for Windows and MacOS.

This release includes stability improvements and resolves minor issues. For information, see Managing Endpoint.

BloxOne Threat Defense – May 9, 2024

BloxOne Threat Defense introduces a new RPZ feed structure that provides simplicity and user-friendly feed names.

BloxOne Threat Defense for NIOS now includes a new RPZ feed structure that provides simplicity, along with user friendly names, allowing users to set the correct policies and address the growing number of available RPZs over time. With the new structure, customers can configure their policy action correctly per their risk posture and have an “at a glance” understanding of how their network is protected. This requires removing the prior configured RPZ feeds and updating them to the consolidated new RPZs. The old RPZs will be supported until December 2024, giving time for transition to the new RPZ. The old RPZs will be deprecated after December 2024. Beyond the current RPZ updates for OnPrem, the feeds on the cloud will also be updated to reflect the same feed structure around July 2024.

Configuration Guide: https://docs.infoblox.com/space/BloxOneThreatDefense/622493764/Feed+Revamp+for+NIOS.

The following NIOS RPZ feeds are available based on your subscription level.

Feed Name	Essentials	Business On-Prem	Advanced
Infoblox Base	### ✔	### ✔	### ✔
Infoblox Base IP	NA	### ✔	### ✔
Infoblox High Risk	NA	NA	### ✔
Infoblox Medium Risk	NA	NA	### ✔
Infoblox Low Risk	NA	NA	### ✔
Infoblox Informational	NA	### ✔	### ✔

BloxOne Threat Defense – May 1, 2024

The default time filter in BloxOne Threat Defense reports has been updated from one hour to 24 hours.

The default time filter change applies to the following reports: DNS Activity, Security Activity, Summary Reports, Application Discovery, and Web Content Discovery. A one hour reporting option is still available, but it is no longer the default. The default time filter setting benefits our customers by improving the performance of the rendering reports.

BloxOne Threat Defense – April 30, 2024

BloxOne Threat Defense introduces Infoblox Threat Intel research with supporting documentation on threat actor naming conventions.

Threat intelligence research encompasses current analyses, alerts, advisories, and various reports compiled by the Infoblox Threat Intel team. This page highlights the threat actors discovered in your network. For each threat actor, the page also displays how early Infoblox discovered it in your network. Accompanying this information is detailed documentation that outlines the team’s specific naming conventions serving as a valuable reference source for users. For information, see Threat Intel and Infoblox Threat Actor Naming Conventions.

BloxOne Threat Defense – April 29, 2024

Infoblox is introducing a new, real-time streaming detection called “Zero Day DNS.”

Threat Insight – Zero Day DNS (Zero Day DNS) detects new domains observed in customer traffic to protect them from any possible targeted or spear phishing attacks. It follows a low-regret model and blocks the domain for a short >TTL of 48 hours. The domain will be released after 48 hours, by which time other security systems in place should have enough information about this new domain to protect per policy. The default recommended action for this TI-List is Block - No Redirect. The intent of this detection is to provide very near real-time protection on new domains (can detect and block within 1-2 minutes of usage). Often when new domains are not mission-critical and following a low-regret model, it’s best to have this protection in place. If for any reason the detected domains are known, verified, and needed for use, they can be added to the Default Allow list to bypass the detection. For information, see Zero Day DNS Configuration

BloxOne Threat Defense introduces external networks verification.

This feature allows BloxOne Threat Defense Business Cloud and Advanced customers to conveniently claim all their existing external networks, ensuring exclusive registration rights for subnets, and assuring no one else can register them in the database. This enhanced external network management capability permits the addition of large subnets (up to /8 for IPv4 and /32 for IPv6) with Infoblox’s verification. Smaller subnets (ranging from /30 to /32 for IPv4 and from /56 to /128 for IPv6) can be added without verification. For information, see Configuring External Networks. For information, see Configuring External Networks.

Infoblox announces the phase-out of the “Allow with Log” action support for content category filtering.

This change will affect only newly created policies and policy rules, ensuring that existing security policies remain unaffected. Customers can continue to modify and apply their current policies as usual without any adjustments to already provisioned rules. However, it will not be possible to establish new rules or policies incorporating the allow-log action for content categories moving forward. For information, see Creating Category Filters.

BloxOne Threat Defense introduces agentless implementation over DoH.

With this update, BloxOne Threat Defense can now terminate DoH connections and associate custom DoH FQDNs with specific customer policies. This allows customers to securely redirect their DNS traffic to the BloxOne Threat Defense cloud without a client and integrate our solution with third-party solutions. For information, see Configuring Security Policies.

BloxOne Threat Defense has updated its policy framework to address potential DNS rebinding attacks.

This update addresses attacks like DNS rebinding attacks where attackers use a malicious DNS server for reconnaissance when attempting to connect to internal services. By setting a low TTL, attackers cause the DNS record to expire quickly, leading to frequent queries that switch to internal network IP addresses. This allows them to bypass security measures, enabling harmful actions or data extraction. For information, see Configuring Security Policies. For information, see Configuring Security Policies.

BloxOne Endpoint has released several bug fixes for Linux Ubuntu 22.

These updates include correcting the MAC address during the login process and avoid any vulnerability of Stack canary protection, among other updates. For information, see Linux Client Application Deployment.

BloxOne Threat Defense – April 12, 2024

BloxOne consolidates notifications for host-related events, optimizing efficiency and improving system performance.

When configuring BloxOne notifications, you can now choose Host Status Infra to receive important events related to the supported host metrics. The former Host State option will no longer be available. This enhancement helps improve system performance and reduce the number of notifications you will receive. For information, see Configuring Notification Delivery.

BloxOne Threat Defense – April 11, 2024

This release of the BloxOne Data Connector includes a few enhancements: relocation of the Data Connector tab from the Manage tab to the Integrations tab on the Cloud Services Portal, a new traffic flow configuration wizard, and the ability to add tags.

In addition to the relocation of the Data Connector tab from the Manage tab to the Integrations tab, other enhancements include the release of a new traffic flow configuration wizard to improve workflow efficiency and the capability to add tags to traffic flows, sources, destinations, and ETL configurations. For information, see Data Connector.

BloxOne Threat Defense – April 5, 2024

BloxOne introduces enhancements that streamline account management across multiple organizations.

The enhancements are particularly beneficial for administrators managing multiple organizations or sandboxes, simplifying the process of accessing and controlling subsidiary organizational accounts. The enhancements also overhaul the Cloud Services Portal’s current account-switching feature by introducing an improved account selection menu that can handle hundreds of organizational accounts and includes a search and filter function for better organizational account management.

Additional enhancements include the following:

Administrators managing multiple organizations can set a default account, which is automatically accessed upon the initial connection to the Cloud Services Portal after authentication.
Administrators are able to specify favorite organizations, which are prominently displayed at the top of the account selection window/menu for quick and easy access.

For additional information, see Managing BloxOne Accounts.

BloxOne Threat Defense – April 4, 2024

Infoblox Data Connector supports forwarding of BloxOne DHCP lease logs to a NIOS reporting destination.

Infoblox Data Connector now allows you to forward BloxOne DHCP lease logs to NIOS reporting, streamlining network administration workflows and enhancing efficiency. For more information, see Configuring Traffic Flows.

BloxOne Threat Defense – March 14, 2024

BloxOne Endpoint supports deferred deployment scheduling options.

A new deferred deployment schedule option for BloxOne Endpoint for Windows, MacOS, and Linux is available, allowing endpoint upgrades to be postponed by the endpoint group. Deployment can be deferred for up to four weeks, with the option to select deployment day of week and time, independent of the release date. BloxOne Endpoint for iOS and Android will request and validate a user’s email during manual installation when an MDM service is not used for the deployment. This simplifies and improves user notification, compromised device tracking, access restrictions (by listing trusted domains), and general consumption. For information, see Scheduling Endpoint Group Updates.

BloxOne Mobile Endpoint validation of user email ID during manual installation (no MDM feature).

BloxOne Moblie Endpoint adds validation of the user’s email during manual installation when an MDM service is not used for the deployment. This simplifies and improves user notification, compromised device tracking, access restrictions (by listing trusted domains), and general consumption. For information, see Deployment of MDM-less Mobile Endpoint (no MDM feature).

BloxOne Threat Defense – March 8, 2024

Added DNS Point of Presence - U.S. (Ohio).

Infoblox adds PoP for DNS resolution in the U.S. (Ohio) to speed resolution, improve resiliency, and provide local resolution for organizations in that region.

BloxOne Threat Defense – February 23, 2024

AWS S3 RPZ log export now includes three additional fields: “key,” “sld,” and “extra.”

RPZ logs exported to AWS S3 and the object storage service will be updated to include additional fields: “key,” “sld,” and an “extra” field to provide additional metadata such as username, client region and country, endpoint group, response, etc. This RPZ log export enhancement uses a different output path on the customers’ S3 bucket ( / rpz_enriched / year=xxxx / month=xx / day=xx /hour=xx ). For information, see Log File Format.

BloxOne Threat Defense – February 16, 2024

SOC Insights for BloxOne® Threat Defense enhances SOC efficiency by utilizing AI-driven analytics to effectively reduce alert fatigue and security gaps while also decreasing Mean Time to Respond (MTTR).

By distilling vast numbers of alerts into crucial insights, analysts can prioritize and address critical issues more efficiently and effectively. SOC Insights further empowers analysts with instant access to relevant network, event, and DNS intelligence, allowing for speedy, informed decision-making and accelerated incident response and threat mitigation. SOC Insights is offered as an optional feature for both BloxOne Threat Defense Advanced and BloxOne Threat Defense for BloxOne Business Cloud customers. Additionally, Configuration Insights is automatically integrated into all existing BloxOne Threat Defense Business Cloud and Advanced user accounts, offering guidance on optimal detection settings and adherence to best practices.

Customers interested in exploring this feature can reach out to the sales team to request a trial. For information, see SOC Insights..

BloxOne Threat Defense – February 1, 2024

BloxOne Endpoint for Windows support for Join Tokens

The latest update to the BloxOne Endpoint for Windows, version 2.4.6, introduces a new authentication method using join tokens. This enhancement significantly boosts security by enabling users to control endpoint access to the Cloud Service Portal through the use of rotating tokens. Rotating join tokens help prevent unauthorized access if an install package is leaked, for example. The server side of the authentication process is designed to be backward compatible, ensuring a smooth migration. Additionally, the same join token can be utilized across endpoint deployments for Mac, Linux, iOS, and Android. For information, see Configuring Join Tokens for Endpoint.

BloxOne Endpoint for Mac support for Join Tokens

The latest update to the BloxOne Endpoint for Mac, version 2.4.6, introduces a new authentication method using join tokens. This enhancement significantly boosts security by enabling users to control endpoint access to the Cloud Service Portal through the use of rotating tokens. Rotating join tokens help prevent unauthorized access if an install package is leaked, for example. The server side of the authentication process is designed to be backward compatible, ensuring a smooth migration. Additionally, the same join token can be utilized across endpoint deployments for Windows, Linux, iOS, and Android. For information, see Configuring Join Tokens for Endpoint.

BloxOne Threat Defense – January 29, 2024

The Cloud Services Portal now provides enhanced viewing and export options for service logs from the Data Connector.

Logs from the Data Connector are now accessible for both viewing and downloading through the Cloud Services Portal.
The Data Connector has the capability to export service logs to all supported destinations, including integration with SIEM (Security Information and Event Management) systems.

For information, see BloxOne Notifications and Configuring Traffic Flows.

BloxOne Threat Defense – January 17, 2024

BloxOne introduces the redesign of the Dossier summary and timeline page.

The updated design now presents timeline events in a clear chronological order, using a vertical format for easier reference. Additionally, the redesign includes detailed event information linked to each timeline occurrence, streamlining the process of tracking and managing events within your organization. This enhancement aims to improve the user experience and facilitate more efficient detection, monitoring, and managing of reported threat indicators.

For information about Dossier, see The Dossier Threat Indicator Report.

BloxOne Threat Defense – January 16, 2024

BloxOne supports host deployment using generation 2 virtual machines on Hyper-V/Azure.

BloxOne now supports generation 2 VMs when you deploy BloxOne hosts in Microsoft Azure. For more information, see Microsoft Azure Deployment.

BloxOne supports adding host tags associated with the Cloud Services Portal during BloxOne host deployments.

When you deploy a BloxOne host, you can add a host tag to the “userdata” file to associate the host with the Cloud Services Portal. For more information, see YML and JSON Templates.

BloxOne supports firmware updates on Dell VEP-1425, Dell VEP-1485, and Infoblox B1-212 hardware appliances.

To upgrade the firmware on Dell VEP-1425, Dell VEP-1485, and Infoblox B1-212 appliances, you can now download firmware upgrades and apply a firmware upgrade script via the debug CLI or a USB flash drive. For more information, see Updating Firmware on Hardware Appliances.

BloxOne host deployment on Google Cloud Portal (GCP) now supports IPv6.

For information, see Google Cloud Portal (GCP) Deployment..

BloxOne Threat Defense – January 5, 2024

BloxOne Endpoint for Linux support for Join Tokens

The latest update to the BloxOne Endpoint for Linux, version 1.0.7, introduces a new authentication method using join tokens. This enhancement significantly boosts security by enabling users to control endpoint access to the Cloud Service Portal through the use of rotating tokens. Rotating join tokens help prevent unauthorized access if an install package is leaked, for example. The server side of the authentication process is designed to be backward compatible, ensuring a smooth migration. Additionally, the same join token can be utilized across endpoint deployments for Linux, iOS, and Android. For information, see Configuring Join Tokens for Endpoint

BloxOne Threat Defense – December 4, 2023

BloxOne Mobile Endpoint for Android will receive a MDM-less deployment option.

BloxOne Mobile Endpoint for Android will receive a MDM-less deployment option. MDM-less deployment will allow better support for BYOD and other non-managed corporate devices. Users can now install BloxOne Endpoint from the Google Play store and enable it by scanning a provided QR code to protect their devices. QR codes are generated based on unique join tokens, which are easy to retire and rotate. Due to significant changes in the authentication process it is recommended to deploy the application in a lab environment first to ensure it is properly understood and implemented, and then schedule upgrades in stages. For information, see Managing Endpoint Groups and Managing BloxOne Mobile Endpoint.

BloxOne Threat Defense – December 1, 2023

BloxOne now displays all host types for hardware platforms on the Cloud Services Portal.

The Infrastructure > Host page of the Cloud Services Portal now displays B1-212 as the host type for Dell VEP appliances that are purchased from Infoblox. In addition, the “B105” hardware type is replaced by “B1-105.”

BloxOne allows you to add new services directly on the Infrastructure > Host page.

You can now add services to a specific host on the Infrastructure > Host page without navigating to the Services page.

BloxOne Threat Defense – November 20, 2023

BloxOne Endpoint for Windows version 2.4.3 is updated to provide a better experience with user group-based policies that do not require re-authentication on the agent. This release of BloxOne Endpoint for Windows and for MacOS version 2.4.3 also contains bug fixes.

For information, see Managing Endpoint Groups.

BloxOne Threat Defense – November 15, 2023

BloxOne Mobile Endpoint for iOS will receive a MDM-less deployment option.

MDM-less deployment will allow better support for BYOD and other non-managed corporate devices. Users can now install BloxOne Endpoint from the Apple App store and enable it by scanning a provided QR code to protect their devices. QR codes are generated based on unique join tokens, which are easy to retire and rotate. Due to significant changes in the authentication process it is recommended to deploy the application in a lab environment first to ensure it is properly understood and implemented, and then schedule upgrades in stages. For information, see Managing Endpoint Groups and Managing BloxOne Mobile Endpoint.

BloxOne Threat Defense – November 4, 2023

BloxOne Endpoint version 1.0.6 supports Ubuntu 20.x and RedHat 8.x distributions, in addition to Ubuntu 22.x.

For information, see Linux Client Application Deployment.

BloxOne Threat Defense – November 2, 2023

BloxOne introduces usability enhancements to global search and local search on the Cloud Services Portal.

The global search and local search enhancements include the following:

Global search input functionality updates
Local search bar and filter updates
New page header design and icon size and placement updates

For information, see Using Global Search and Using Local Search.

BloxOne Threat Defense – October 20, 2023

BloxOne introduces a new table view to the Hosts, Services, Monitoring, Locations, and Templates tabs on the Manage > Infrastructure page of the Cloud Services Portal.

In addition to the card and map views, you now have the flexibility to view and manage the data of hosts, services, monitoring, locations, and templates in a table format on the BloxOne Infrastructure page.

BloxOne introduces a new table view to the Audit Logs, Service Logs, and Security Logs tabs on the Administration > Logs page of the Cloud Services Portal.

In addition to the card view, you now have the flexibility to view and manage the data of audit logs, service logs, and security logs in a table format on the BloxOne Logs page.

BloxOne Threat Defense – October 6, 2023

BloxOne Threat Defense enhances full audit logging by adding details of Create, Update, and Delete (CUD) operations.

Enhanced audit logging track changes in security policies, custom lists, application/category filters, BloxOne Endpoint/BloxOne Endpoint group settings, and more. For more information, see Viewing Audit logs.

BloxOne lookalike domain management includes suggested domains for monitoring.

A maximum of 25 suggested lookalike domains can be added to a custom lookalike watch list for monitoring. For more information, see Viewing Custom Watched Domainsand Adding Suggested Lookalike Domains.

BloxOne Threat Defense – October 5, 2023

Infoblox BloxOne bare-metal deployment now supports Red Hat versions 7.9, 8.7, 8.8, 9.1, and 9.2.

For more information, see Bare-Metal Deployment..

BloxOne Threat Defense – September 27, 2023

Infoblox supports the deployment of BloxOne hosts in Google Cloud Platform.

You can now deploy BloxOne hosts on Google Cloud Platform using Infoblox-provided GCP package you download from the Cloud Services Portal. For more information, see Google Cloud Portal (GCP) Deployment.

Infoblox supports the deployment of BloxOne hosts on Containerd Environments.

You can now deploy BloxOne hosts on Containerd environments using Infoblox-provided BloxOne Install packages you download from the Cloud Services Portal. For more information, see Bare-Metal Deployment..

Infoblox TIDE introduces new sizing guidelines for Custom RPZ feeds.

Infoblox TIDE introduces new sizing guidelines for Custom RPZ feeds. Newly created custom RPZs are limited to a maximum of 6 million records. This limit includes all available feeds, such as Infoblox-curated data, Infoblox’s third-party data, and any uploaded data you provide. A new sizing indicator displays the number of records contained within a custom RPZ feed. Custom RPZ feeds created prior to the introduction of the new sizing guidelines will not be impacted by the new sizing guidelines, although no new records can be added. For information, see Sizing Guidelines for Custom RPZ Feeds.

For information, see Sizing Guidelines for Custom RPZ Feeds.

BloxOne Threat Defense – September 26, 2023

BloxOne enhances the Log Export feature to include additional metadata in the BloxOne Threat Defense DNS response logs.

DNS response logs are exported in parquet format. Exported parquet-files include the following additional columns: ‘key’, ‘sld’ and column ‘extra’ get additional fields: ‘sld’, ‘pname’, ‘pdisplay_name’, ‘domain_applications’, ‘qname_norm’, ‘client_country’, ‘client_continent’, ‘event_date’, ‘response_continent’, ‘response_region’, ‘response_country’, ‘application’, ‘egress_ip’, ‘device_name’, ‘device_ip’, ‘domain_categories’, ‘network’, ‘record_type’, ‘query_type’, ‘response’, ‘user_name’, ‘endpointgroups’. If you have any questions about the enhancement, please contact your account team or open a support ticket.

For information, see Exporting Logs.

BloxOne Threat Defense – September 1, 2023

You can now set up BloxOne sandboxes as test environments.

If your business requires a separate BloxOne test environment, you can purchase a BloxOne sandbox and set it up for testing purposes. For more information, see Managing Sandboxes.

Browser not supported