Install the Infoblox Data Connector

As part of the data connector, Threat Intelligence Indicators are created and updated using the Microsoft Sentinel REST APIs. To use these REST APIs, you need an Azure Client ID (Application ID) and Client Secret. To generate the Client ID and Client Secret, follow the steps in App Registration and Required Access.

  1. Go to the Microsoft Sentinel workspace in which you installed the template, open Data Connectors, and search for the Infoblox Data Connector.

  2. From the list of available components of the Infoblox Data Connector Integration, click the Infoblox Data Connector via REST API, then click Open connector page.

  3. From this connector page, click the Deploy to Azure button.

  4. After clicking, you are redirected to the configuration screen of the Data Connector.
    Provide the information below and click the “Review + Create” button:

    1. Infoblox Base Url: Base URL of Infoblox (Default value is present)

    2. Infoblox API Token: Infoblox’s API Key

    3. Confidence: Fetch only the indicators with a confidence score greater than the provided value

    4. ThreatLevel: Fetch only the indicators with a threat level greater than the provided value

    5. Azure_Client_Id: Azure clientId of your app registered on Microsoft Entra ID

    6. Azure_Client_Secret: Azure clientSecret created in app in Microsoft Entra ID

    7. Azure_Tenant_Id: Azure Tenant ID found in Microsoft Entra ID

    8. Workspace ID: Provide Workspace ID.

    9. Workspace Key: Provide Workspace Key.
      You can find Workspace ID and Workspace Key in the Data Connector page itself.

    10. Log Level: Log level or log severity value. By default it is set to INFO.

    11. AppInsightsWorkspaceResourceID: Use the 'Resource ID' property value from the 'Log Analytic Workspace-->Properties' blade. This is a fully qualified resourceId in the format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'.

    12. Enter all the details in the connector deployment page and click on Review + Create.

  5. Now click the “Create” button to install the Data Connector.

  6. After that, the deployment status is displayed.

  7. Once the data connector is installed successfully, it can be found under the Function App.

  8. Search for and go to the “Function App”.

  9. This data connector contains a total of 15 function apps. Search for the installed function apps with names starting with hist, curr and dossierlook.

  10. To execute all 15 functions together, run the playbook Infoblox-Data-Connector-Trigger-Sync. To deploy and configure this playbook, follow the steps in the Steps to Configure Playbook section.
    You must run the playbook manually to execute all the function apps. To do so, go to Logic Apps, select the playbook, and click the Run button.

  11. After successfully adding the integration settings, you will start receiving indicators in Microsoft Sentinel via the configured function app after around 1:15 hours. You can see the created threat indicators in the Threat Intelligence section of Microsoft Sentinel.

  12. The indicators can also be viewed in the Log Analytics Workspace table named ThreatIntelligenceIndicator.
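
A pre-flight check for the values entered on the configuration screen, as an added example that is not part of the Infoblox or Microsoft documentation: it validates the GUID-shaped fields and the AppInsightsWorkspaceResourceID format given above. The function names, the sample values, and the Secret ID heuristic are assumptions of this example.

```python
import re
import uuid

# Resource ID layout quoted on this page for AppInsightsWorkspaceResourceID.
RESOURCE_ID_RE = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/[^/]+"
    r"/providers/Microsoft\.OperationalInsights/workspaces/[^/]+$", re.I)

def is_guid(value):
    """True if value is a canonical 8-4-4-4-12 GUID."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def check_parameters(params):
    """Return a list of problems with the deployment parameters (empty if none)."""
    problems = []
    for name in ("Azure_Client_Id", "Azure_Tenant_Id", "Workspace ID"):
        if not is_guid(params.get(name, "")):
            problems.append(f"{name}: not a GUID")
    for name in ("Infoblox API Token", "Azure_Client_Secret", "Workspace Key"):
        value = params.get(name, "")
        if not value or value != value.strip():
            problems.append(f"{name}: empty or has surrounding whitespace")
    # Heuristic (assumption): a GUID here is usually the secret's ID, not its value.
    if is_guid(params.get("Azure_Client_Secret", "")):
        problems.append("Azure_Client_Secret: looks like a Secret ID, not the secret value")
    match = RESOURCE_ID_RE.match(params.get("AppInsightsWorkspaceResourceID", ""))
    if not match:
        problems.append("AppInsightsWorkspaceResourceID: not a workspace resource ID")
    elif not is_guid(match.group("sub")):
        problems.append("AppInsightsWorkspaceResourceID: subscription is not a GUID")
    return problems

# Constructed sample values; none belong to a real tenant or workspace.
SAMPLE = {
    "Infoblox API Token": "constructed-token",
    "Azure_Client_Id": "11111111-2222-3333-4444-555555555555",
    "Azure_Client_Secret": "constructed-secret-value",
    "Azure_Tenant_Id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "Workspace ID": "01234567-89ab-cdef-0123-456789abcdef",
    "Workspace Key": "constructed-key",
    "AppInsightsWorkspaceResourceID":
        "/subscriptions/99999999-8888-7777-6666-555555555555/resourceGroups/rg-sentinel"
        "/providers/Microsoft.OperationalInsights/workspaces/law-sentinel",
}

print(check_parameters(SAMPLE) or "all parameters look well-formed")
```

The check reports only parameter names and never echoes the token, secret, or key values, so its output is safe to paste into a ticket.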
