Infoblox Licencing
Universal DDI
BloxOne Threat Defense
BloxOne Threat Defense Features
Essentials (On-Prem Only)
- Live threat feeds in DNS RPZ format
- DNS Firewall capable of stopping threats at your GRID
- Threat Insight to detect advanced threats and data exfiltration
- Threat Lookup to research basic attacker data (Dossier is not included in BloxOne Threat Defense Essentials)
- Predefined Reports (Infoblox reporting appliance is required if On-Prem)
- This page lists feeds available in Essentials
Business (On-Prem or Cloud)
- Dossier advanced threat research portal
- Security Ecosystem to integrate Infoblox data with your 3rd party security tools
- (Cloud Only) Endpoint Protection for your roaming Windows and Mac computers
- (Cloud Only) Web Content Filtering
- Access to the Active indicators tool
- This page lists feeds available in Business (Business + Essentials)
Advanced
- Threat Intelligence Data Exchange (TIDE): manage and share threat intelligence across your entire security environment in multiple machine-readable formats
- Access to Application Discovery tool
- Application filtering
- This page lists feeds available in Advanced (Advanced + Business + Essentials)
BloxOne Licencing
Universal DDI
NIOS-X QPS calculation: We capture data every 5 minutes, so each value is averaged over its 5-minute collection interval.
BloxOne Threat Defense License Caveat
From B1TD Supplemental Terms and Conditions.
BloxOne Threat Defense Advanced and On-Prem offerings are subject to an average monthly DNS query limit of 3,500 DNS queries per Protected User per day. Usage of B1TD is continuously monitored to determine a customer’s average monthly DNS queries. The monthly DNS query average is calculated based on the number of DNS queries for any particular month (the number of days in that month) divided by the Customer’s Licensed Capacity. Infoblox may work with each Customer when their usage exceeds the current Licensed Capacity. If a Customer’s usage cannot be modified to align to the current Licensed Capacity, the Customer will need to purchase additional Licensed Capacity to ensure query limits are within the license terms.
Remember: B1TD Advanced is licensed based on employee count. Why? Because it is simple and it works for the most part. However, the caveat above is in place to protect Infoblox from a 100-employee company protecting 10,000 busy servers, etc.
Sandbox Restriction
From here
“Allowable Usage” means, unless otherwise specified in the applicable Order, no more than 5.5 million DNS Queries per month per SANDBOX Instance.
Other
NIOS Grid Connector Notes:
- NIOS Grid Connector requires NIOS 8.5 and can only export data to BloxOne. The exported data will be read-only in BloxOne.
- The NIOS Grid Connector service does not support the importing of DHCP lease data from NIOS Grid.
- NIOS Grid connector requires that the appliance be TE-14xx or higher.
- Only IPv4 objects are imported, it seems. See here.
- Data managed by NIOS and synced to BloxOne via NIOS Grid Connector (NGC) does not count towards licence usage of BloxOne. However, if devices that are “managed” by NIOS then go and query DNS services run by BloxOne, they will contribute to the BloxOne Active IP usage.
Active IP address
- A Fixed (Static) Address - Just IP or does it have to include a MAC address?
- IP Address found in DHCP leases
- Source IP Address found in a DNS Query.
Instance
- A single online Host running DHCP and/or DNS services
- A pair of hosts configured in co-located DHCP HA groups [A/A or A/P]. Note: if the pair of hosts configured in a co-located DHCP HA group also run DNS, they are counted as two hosts. Advanced A/P members are counted separately.
External Licences
External “BYOL” licences (purchased from other vendors) can be added to the BloxOne CSP to allow Dossier to pull more data for its reports.
- ProofPoint - Emerging Threats
- Mandiant - APIv4
- Virus Total
(IF YOU HAVE B1TD ADVANCED) You can also purchase (from Infoblox) licences to allow access to RPZ threat feeds from other sources (these feeds are then accessible via the BloxOne portal along with all the other Infoblox RPZ feeds).
- FarSight - Security Newly Observed Domains (NOD)
- Proofpoint - Emerging Threats (ET) IP and Domain Reputation
Note that the following sources of Threat Intelligence and/or Threat Intelligence feeds are no longer supported.
- CrowdStrike
- FireEye - iSight Threat Intelligence
- ThreatTrack - Security BorderPatrol
