The Infoblox Threat Intelligence Data Exchange (TIDE) CDF allows ThreatQ to ingest several dozen threat intelligence feeds from Infoblox (i.e. SURBL, Exploit Kits, EECN, DHS AIS NCCIC, TOR, DoT/DoH, etc.), as well as numerous optional 3rd party threat indicator feeds.

Note: Additional open source, public, or private feeds can also be integrated through the Infoblox TIDE feature to further enhance ThreatQ capabilities.

The integration ingests Indicator system object types and offers the following feeds:

• Infoblox TIDE - allows a user to ingest lookalike FQDN indicators from the Infoblox TIDE database.
• Infoblox TIDE Lookalike Domains - allows a user to ingest FQDNs that have similar spelling as popular FQDNs.

The integration ingests indicator and indicator attribute object types.