Introduction
Infoblox BloxOne™ Threat Defense uses highly accurate machine-readable threat intelligence data via a flexible and open Threat Intelligence Data Exchange (TIDE) platform to aggregate, curate, and enable distribution of data across a broad range of infrastructure. TIDE enables organizations to ease consumption of threat intelligence from various internal and external sources, and to effectively defend against and quickly respond to threats.
Combine TIDE with MISP (Malware Information Sharing Platform), a popular open source threat intelligence platform. MISP is free software for gathering, sharing, storing and correlating Indicators of Compromise (IOCs) of targeted attacks, threat intelligence, financial fraud information, vulnerability information or counter-terrorism information. Pair the highly accurate TIDE feeds with the functionality of MISP to greatly enhance your security visibility.
Overview
When configured, MISP connects to the Infoblox Cloud Services Portal and downloads Infoblox TIDE feeds to be stored in the MISP platform. From there, you can perform a wide array of tasks to enhance visibility of IOCs. MISP events and attributes can be associated as related events against TIDE IOCs. Export, correlate and share your data with colleagues. Download and install MISP plugins for even more functionality.
Shown below is an example screenshot of an event attribute being correlated to a known malicious domain found in the Infoblox TIDE feed.
Requirements
The integration requires access to the following items:
- A MISP instance. You can download and install MISP for free from the MISP website.
- An appropriate BloxOne Threat Defense API key to access TIDE feeds/Active Indicators. This API key is retrieved from the Infoblox Cloud Services Portal (CSP) and input into MISP.
Installation
The Infoblox TIDE Feed Integration with MISP Deployment Guide covers the steps required to properly deploy this integration. See the demo video here for an overview of the integration and a quick demonstration of correlating MISP events with Infoblox feeds.
Get to know the vast functionality of MISP. Import, export, correlate and share your data as you wish. See the list of installable plugins on the MISP website here for even more functionality. MISP is completely free, so you can start exploring MISP today. Happy hunting!