Introduction

Get user information

When a security incident occurs, for example, suppose that a specific IP address is identified from information such as FW. Since Infoblox is a DHCP server, it is easy to extract information that identifies a terminal, such as a MAC address or host name, from an IP address. At this time, don't you think it would be convenient to know the logged-in user information at the same time?
In such a case, the function to acquire domain user information by linking with AD is useful.
By using this function, user information can be obtained from AD and displayed in association with the IP address of the client on the Infoblox management screen. Since the login time is also displayed, you can quickly find out which user was using which IP address at the time of the incident.

By the way, this function does not require additional purchases such as licenses, and can be used only with standard functions!

*However, it is not supported by the TE-800 series.

Integrated management of DHCP/DNS information

I think that there are many cases where DHCP and DNS functions are used only by Infoblox, but depending on the configuration, there may be cases where DHCP and DNS environments by AD are still available. In that case, I think Infoblox and AD are managed separately. I think it would be difficult to manage if both have a certain scale, but if you use Infoblox's AD linkage function, you can get DNS and DHCP information from AD and manage it on Infoblox. You can also change the AD server DHCP and DNS settings from the Infoblox management screen.

Summary

In this article, we introduced a method for consolidating AD information into infoblox and using it for incident response. In this way, Infoblox can be used more conveniently by linking it with other products, so I would like to introduce it again.