Before you can submit TIDE data, you must first create a data profile. For information about how to create a data profile, see Creating Data Profiles.

Submitting TIDE Data

To upload TIDE data, perform the following:

1. From the Infoblox Portal, click Configure > Manage > TIDE Data.
2. On the Data Upload page, you can submit data by performing the following:
1. Choose a data profile. From the drop-down list of data profiles, select a data profile from which to upload your data.
   
2. Choose a file to upload. Files can either be dragged and dropped onto the area of the UI where it says Drag a file here. Or it can be uploaded by clicking browse for a file to search for and select a file from your local machine for uploading. Files must be correctly formatted and be one of the following supported file types: XML, JSON, and comma/tab/pipe-separated values. Once a file is successfully uploaded, the record of its upload will be displayed in the Upload History section of the page. 
3. Click Upload to upload the file. Or the form can be reset by clicking Reset.

Upload History

In the Upload History panel, you can view a list of your organization's uploads. The upload history displays the following information:

• DATE SUBMITTED: The date the file was uploaded. The data is displayed in UTC format.
• DATA PROFILE: The account within the organization uploading the data and the data profile to which the data is being uploaded.
• METHOD: The method used to upload the data.
• STATUS: The status of the completed upload.
• # RECORDS: The number of records included in the data file upload.

TIDE Data Requirements

• File formats: Supported file formats include XML, JSON, and values separated by a comma, tab, or pipe. 
• Required data fields: Data files must follow the ActiveTrust Platform API Guidelines for file- and record-level fields. Records must contain a recognized threat class and/or property. For details on what classes and properties are acceptable during submission of TIDE data, and for details on proper formatting of threat class and property records being uploaded into TIDE, refer to the Threat Classification Guide: in the Infoblox Portal, go to Monitor > Research > Resources > Classification.  

• Optional Data fields:
• Other information: 

For API guides, see the following pages:

• Infoblox API Getting Started Guide - Threat Intelligence Data Exchange
• Infoblox Dossier Calls Reference
• Infoblox TIDE API FAQs Guide

TIDE Bring Your Own Feeds (BYOF)

Custom TIDE Bring Your Own Feeds (BYOFs) can be added as a policy rule to a security policy as a threat feed. For details, see Adding Policy Rules and Setting Precedence. The details of a custom TIDE BYOF are shown in the Threat Feed Details panel, where you will also find the address of your custom TIDE RPZ feed. To view your organization's feeds, including all custom RPZ feeds, log in to the Infoblox Portal, navigate to Configure > Security > On-Prem DNS Firewall Policies, and click Feed Configuration Values (Step 2). For information on DNS Firewall Policies, see On-Prem DNS Firewall Service.

Importing TIDE Data (a walkthrough)

1. Log in to the Infoblox Portal.  
2. Navigate to the data upload page: Configure > Manage > Data Upload.

3. To upload a data file, complete the following steps:
   Step 1: Choose a data profile. Select your desired data profile from the drop-down list of available data profiles. In the following example, the profile name is "TIDE_sample_profile". For this example, make sure that "profile" is set to "TIDE_sample_profile”.
   

   {     "feed": {     "profile": "TIDE_sample_profile",     "record_type": "host",     "record": [     {"host": "www.asdasdasdgoogle.com", "property": "Scanner_Generic",   "detected": "19980927T154242Z", "duration":"42y0m0w0d42h"},   {"host": "www.asdasdasdexample.com", "property": "Phishing_Phish",   "detected": "20170602T154742Z"}   ]   }

   Step 2: Import a data file. Drag and drop the file into the box where it says: Drag a file here. Alternatively, click Browse and navigate to and select the file.

To verify that TIDE data has been ingested into the system correctly, conduct a search in Dossier. On the Dossier search page (Monitor > Research > Dossier), conduct a search for the host www.asdasdasdexample.com, which was included in the uploaded example file. The search should return the uploaded host along with its details, all of which were uploaded with the example file.  

For additional information, see the following:

• TIDE Data Submission on the Cloud Services Portal
• Viewing Data Profiles
• Creating Data Profiles
• Editing Data Files
• Deactivating and Reactivating Data Profiles
  
• Custom TIDE Feeds