The Infoblox OSINT CDF enables analysts to automatically ingest open source threat intelligence from Infoblox’s public GitHub repository into ThreatQ. The repository contains periodically updated CSV files with indicators of compromise associated with tracked campaigns and threat actors, allowing analysts to correlate this data with existing intelligence and support threat analysis.

The integration provides the following feed:

• Infoblox OSINT Indicators - retrieves domain indicators from the Infoblox Open Threat Intelligence GitHub repository.

The feed ingests indicators and indicator attributes.