diff --git a/tm-v1-sigma-rules/third_party_logs/Infoblox/Infoblox High Risk Event Severity.yaml b/tm-v1-sigma-rules/third_party_logs/Infoblox/Infoblox High Risk Event Severity.yaml
new file mode 100644
index 0000000..4924f3a
--- /dev/null
+++ b/tm-v1-sigma-rules/third_party_logs/Infoblox/Infoblox High Risk Event Severity.yaml
@@ -0,0 +1,14 @@
+title: Infoblox High Risk Event Severity
+description: Infoblox detection for high risk events. This detection is based on the presence of the "InfobloxB1FeedName" field with the value "Infoblox_High_Risk" in the vendorParsed data. This indicates that the event has been flagged as high risk by Infoblox's threat intelligence feed.
+references:
+ - https://docs.infoblox.com/space/BloxOneDDI/209453743/DNS+Security+Policy+Hit+and+RPZ+Hit+Log+Message+Mappingtags: []
+logsource:
+ category: THIRD_PARTY_LOG
+ product: Infoblox
+ definition: THIRDPARTY_THIRDPARTY
+detection:
+ string_condition_0:
+ vendorParsed: "*\"severity\":\"8\"*"
+ condition: string_condition_0
+level: info
+taxonomy: tm-v1
\ No newline at end of file
diff --git a/tm-v1-sigma-rules/third_party_logs/Infoblox/Infoblox Medium Risk Event Severity.yaml b/tm-v1-sigma-rules/third_party_logs/Infoblox/Infoblox Medium Risk Event Severity.yaml
new file mode 100644
index 0000000..720a9e4
--- /dev/null
+++ b/tm-v1-sigma-rules/third_party_logs/Infoblox/Infoblox Medium Risk Event Severity.yaml
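Review bot: The description says this rule keys on `InfobloxB1FeedName` having the value `Infoblox_High_Risk`, but the only selection is `vendorParsed: "*\"severity\":\"8\"*"`, so an analyst reading the rule text is told a different trigger than the one implemented; either the description should state that the rule matches a vendor `severity` of `8`, or the selection should match the feed-name value the description names. `Infoblox Medium Risk Event Severity` has the same mismatch (`Infoblox_Med_Risk` described, `"severity":"5"` matched). The references entry ends in `Mappingtags: []`, so `tags: []` has been fused onto the URL: the reference is corrupted and the `tags` key every other rule declares is missing (this hunk is 14 lines where its siblings are 15); it should be two lines, `- https://docs.infoblox.com/space/BloxOneDDI/209453743/DNS+Security+Policy+Hit+and+RPZ+Hit+Log+Message+Mapping` and `tags: []`, and `Possible Generic Phishing Website Visited` has the identical fusion. Finally, `level: info` on a rule whose title and description say "high risk" undercuts triage; `level: high` here (and `level: medium` on the Medium Risk rule) would mirror the vendor classification the rules are built on, and the same question applies to `Malware Download` and `Malicious Traffic Distribution System`, which are also `info`.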
@@ -0,0 +1,15 @@
+title: Infoblox Medium Risk Event Severity
+description: Infoblox detection for medium risk events. This detection is based on the presence of the "InfobloxB1FeedName" field with the value "Infoblox_Med_Risk" in the vendorParsed data. This indicates that the event has been flagged as medium risk by Infoblox's threat intelligence feed.
+references:
+ - https://docs.infoblox.com/space/BloxOneDDI/209453743/DNS+Security+Policy+Hit+and+RPZ+Hit+Log+Message+Mapping
+tags: []
+logsource:
+ category: THIRD_PARTY_LOG
+ product: Infoblox
+ definition: THIRDPARTY_THIRDPARTY
+detection:
+ string_condition_0:
+ vendorParsed: "*\"severity\":\"5\"*"
+ condition: string_condition_0
+level: info
+taxonomy: tm-v1
\ No newline at end of file
diff --git a/tm-v1-sigma-rules/third_party_logs/Infoblox/Malicious Traffic Distribution System.yaml b/tm-v1-sigma-rules/third_party_logs/Infoblox/Malicious Traffic Distribution System.yaml
new file mode 100644
index 0000000..272f287
--- /dev/null
+++ b/tm-v1-sigma-rules/third_party_logs/Infoblox/Malicious Traffic Distribution System.yaml
@@ -0,0 +1,15 @@
+title: Malicious Traffic Distribution System
+description: Infoblox detection for malicious traffic distribution systems.
+references:
+ - https://docs.infoblox.com/space/BloxOneDDI/209453743/DNS+Security+Policy+Hit+and+RPZ+Hit+Log+Message+Mapping
+tags: []
+logsource:
+ category: THIRD_PARTY_LOG
+ product: Infoblox
+ definition: THIRDPARTY_THIRDPARTY
+detection:
+ string_condition_0:
+ vendorParsed: "*\"InfobloxThreatProperty\":\"Malicious_TDS\"*"
+ condition: string_condition_0
+level: info
+taxonomy: tm-v1
\ No newline at end of file
diff --git a/tm-v1-sigma-rules/third_party_logs/Infoblox/Malware Download.yaml b/tm-v1-sigma-rules/third_party_logs/Infoblox/Malware Download.yaml
new file mode 100644
index 0000000..325d5e1
--- /dev/null
+++ b/tm-v1-sigma-rules/third_party_logs/Infoblox/Malware Download.yaml
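Review bot: The description for `Malicious Traffic Distribution System` is a single sentence that does not say what the rule actually matches, while the other rules in this change spell out the field and value; an analyst working an alert has to open the rule body to learn it keys on `InfobloxThreatProperty` being `Malicious_TDS`. Suggest extending it in the same form as the sibling rules: `description: Infoblox detection for malicious traffic distribution systems. This detection is based on the presence of the "InfobloxThreatProperty" field with the value "Malicious_TDS" in the vendorParsed data. This indicates that the domain has been flagged as a malicious traffic distribution system by Infoblox's threat intelligence feed.` `Suspicious Nameserver` and `Suspicious Traffic Distribution System` have the same one-line descriptions and would benefit from the same treatment.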
@@ -0,0 +1,15 @@
+title: Malware Download
+description: Infoblox detection for malware downloads. Detects for downloads of malware based on the presence of the "InfobloxThreatProperty" field with the value "MalwareDownload_Generic" in the vendorParsed data. This indicates that the domain has been flagged for hosting or distributing malware by Infoblox's threat intelligence feed.
+references:
+ - https://docs.infoblox.com/space/BloxOneDDI/209453743/DNS+Security+Policy+Hit+and+RPZ+Hit+Log+Message+Mapping
+tags: []
+logsource:
+ category: THIRD_PARTY_LOG
+ product: Infoblox
+ definition: THIRDPARTY_THIRDPARTY
+detection:
+ string_condition_0:
+ vendorParsed: "*\"InfobloxThreatProperty\":\"MalwareDownload_Generic\"*"
+ condition: string_condition_0
+level: info
+taxonomy: tm-v1
\ No newline at end of file
diff --git a/tm-v1-sigma-rules/third_party_logs/Infoblox/Possible Generic Malicious Connection Established.yaml b/tm-v1-sigma-rules/third_party_logs/Infoblox/Possible Generic Malicious Connection Established.yaml
new file mode 100644
index 0000000..afe745c
--- /dev/null
+++ b/tm-v1-sigma-rules/third_party_logs/Infoblox/Possible Generic Malicious Connection Established.yaml
@@ -0,0 +1,15 @@
+title: Possible Generic Malicious Connection Established
+description: Infoblox detection for possible malicious connections. Detects connections that may be indicative of malicious activity based on the presence of the "InfobloxThreatProperty" field with the value "Malicious_Connection" in the vendorParsed data. This indicates that the domain has been flagged by Infoblox's threat intelligence feed.
+references:
+ - https://docs.infoblox.com/space/BloxOneDDI/209453743/DNS+Security+Policy+Hit+and+RPZ+Hit+Log+Message+Mapping
+tags: []
+logsource:
+ category: THIRD_PARTY_LOG
+ product: Infoblox
+ definition: THIRDPARTY_THIRDPARTY
+detection:
+ string_condition_0:
+ vendorParsed: "*\"InfobloxThreatProperty\":\"Malicious_Generic\"*"
+ condition: string_condition_0
+level: info
+taxonomy: tm-v1
\ No newline at end of file
diff --git a/tm-v1-sigma-rules/third_party_logs/Infoblox/Possible Generic Phishing Website Visited.yaml b/tm-v1-sigma-rules/third_party_logs/Infoblox/Possible Generic Phishing Website Visited.yaml
new file mode 100644
index 0000000..734bb70
--- /dev/null
+++ b/tm-v1-sigma-rules/third_party_logs/Infoblox/Possible Generic Phishing Website Visited.yaml
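Review bot: The description says the rule looks for `InfobloxThreatProperty` with the value `"Malicious_Connection"`, but the selection matches `"Malicious_Generic"`, so one of the two is wrong and a reader cannot tell which without checking the referenced Infoblox mapping page. If `Malicious_Generic` is the property Infoblox emits, the description should read `... field with the value "Malicious_Generic" in the vendorParsed data ...`; if `Malicious_Connection` is the real value, the pattern should become `vendorParsed: "*\"InfobloxThreatProperty\":\"Malicious_Connection\"*"` and the rule as committed never fires on the events it claims to cover. `Possible Proxy Connection Established` has the same disagreement (`"Proxy_Connection"` described, `Proxy_Generic` matched) and should be resolved the same way.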
@@ -0,0 +1,14 @@
+title: Possible Generic Phishing Website Visited
+description: Infoblox detection for possible generic phishing website visits. Detects visits to websites that may be hosting or distributing phishing content based on the presence of the "InfobloxThreatProperty" field with the value "Phishing_Generic" in the vendorParsed data. This indicates that the domain has been flagged by Infoblox's threat intelligence feed.
+references:
+ - https://docs.infoblox.com/space/BloxOneDDI/209453743/DNS+Security+Policy+Hit+and+RPZ+Hit+Log+Message+Mappingtags: []
+logsource:
+ category: THIRD_PARTY_LOG
+ product: Infoblox
+ definition: THIRDPARTY_THIRDPARTY
+detection:
+ string_condition_0:
+ vendorParsed: "*\"InfobloxThreatProperty\":\"Phishing_Generic\"*"
+ condition: string_condition_0
+level: info
+taxonomy: tm-v1
\ No newline at end of file
diff --git a/tm-v1-sigma-rules/third_party_logs/Infoblox/Possible Proxy Connection Established.yaml b/tm-v1-sigma-rules/third_party_logs/Infoblox/Possible Proxy Connection Established.yaml
new file mode 100644
index 0000000..11babbc
--- /dev/null
+++ b/tm-v1-sigma-rules/third_party_logs/Infoblox/Possible Proxy Connection Established.yaml
@@ -0,0 +1,15 @@
+title: Possible Proxy Connection Established
+description: Infoblox detection for possible proxy connections. Detects connections that may be indicative of proxy activity based on the presence of the "InfobloxThreatProperty" field with the value "Proxy_Connection" in the vendorParsed data. This indicates that the domain has been flagged by Infoblox's threat intelligence feed.
+references:
+ - https://docs.infoblox.com/space/BloxOneDDI/209453743/DNS+Security+Policy+Hit+and+RPZ+Hit+Log+Message+Mapping
+tags: []
+logsource:
+ category: THIRD_PARTY_LOG
+ product: Infoblox
+ definition: THIRDPARTY_THIRDPARTY
+detection:
+ string_condition_0:
+ vendorParsed: "*\"InfobloxThreatProperty\":\"Proxy_Generic\"*"
+ condition: string_condition_0
+level: info
+taxonomy: tm-v1
\ No newline at end of file
diff --git a/tm-v1-sigma-rules/third_party_logs/Infoblox/Suspicious Emergent Domain.yaml b/tm-v1-sigma-rules/third_party_logs/Infoblox/Suspicious Emergent Domain.yaml
new file mode 100644
index 0000000..68c872f
--- /dev/null
+++ b/tm-v1-sigma-rules/third_party_logs/Infoblox/Suspicious Emergent Domain.yaml
@@ -0,0 +1,15 @@
+title: Suspicious Emergent Domain
+description: Infoblox detection for suspicious emergent domains. This detection is based on the presence of the "InfobloxB1FeedName" field with the value "Infoblox_Med_Risk" in the vendorParsed data. This indicates that the domain has been flagged as medium risk by Infoblox's threat intelligence feed.
+references:
+ - https://docs.infoblox.com/space/BloxOneDDI/209453743/DNS+Security+Policy+Hit+and+RPZ+Hit+Log+Message+Mapping
+tags: []
+logsource:
+ category: THIRD_PARTY_LOG
+ product: Infoblox
+ definition: THIRDPARTY_THIRDPARTY
+detection:
+ string_condition_0:
+ vendorParsed: "*\"InfobloxThreatProperty\":\"Suspicious_EmergentDomain\"*"
+ condition: string_condition_0
+level: info
+taxonomy: tm-v1
\ No newline at end of file
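Review bot: The description of `Suspicious Emergent Domain` is copied from the Medium Risk rule — it cites `InfobloxB1FeedName` with the value `Infoblox_Med_Risk` and says the domain was "flagged as medium risk" — while the selection actually matches `InfobloxThreatProperty` being `Suspicious_EmergentDomain`, so the rule documents a different detection than it performs and an analyst pivoting from the alert text will search the wrong field. Suggest: `description: Infoblox detection for suspicious emergent domains. This detection is based on the presence of the "InfobloxThreatProperty" field with the value "Suspicious_EmergentDomain" in the vendorParsed data. This indicates that the domain has been flagged as a suspicious emergent domain by Infoblox's threat intelligence feed.`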
diff --git a/tm-v1-sigma-rules/third_party_logs/Infoblox/Suspicious Nameserver.yaml b/tm-v1-sigma-rules/third_party_logs/Infoblox/Suspicious Nameserver.yaml
new file mode 100644
index 0000000..524f064
--- /dev/null
+++ b/tm-v1-sigma-rules/third_party_logs/Infoblox/Suspicious Nameserver.yaml
@@ -0,0 +1,15 @@
+title: Suspicious Nameserver
+description: Infoblox detection for suspicious nameservers.
+references:
+ - https://docs.infoblox.com/space/BloxOneDDI/209453743/DNS+Security+Policy+Hit+and+RPZ+Hit+Log+Message+Mapping
+tags: []
+logsource:
+ category: THIRD_PARTY_LOG
+ product: Infoblox
+ definition: THIRDPARTY_THIRDPARTY
+detection:
+ string_condition_0:
+ vendorParsed: "*\"InfobloxThreatProperty\":\"Suspicious_Nameserver\"*"
+ condition: string_condition_0
+level: info
+taxonomy: tm-v1
\ No newline at end of file
diff --git a/tm-v1-sigma-rules/third_party_logs/Infoblox/Suspicious Traffic Distribution System.yaml b/tm-v1-sigma-rules/third_party_logs/Infoblox/Suspicious Traffic Distribution System.yaml
new file mode 100644
index 0000000..8f5ae13
--- /dev/null
+++ b/tm-v1-sigma-rules/third_party_logs/Infoblox/Suspicious Traffic Distribution System.yaml
@@ -0,0 +1,15 @@
+title: Suspicious Traffic Distribution System
+description: Infoblox detection for suspicious traffic distribution systems.
+references:
+ - https://docs.infoblox.com/space/BloxOneDDI/209453743/DNS+Security+Policy+Hit+and+RPZ+Hit+Log+Message+Mapping
+tags: []
+logsource:
+ category: THIRD_PARTY_LOG
+ product: Infoblox
+ definition: THIRDPARTY_THIRDPARTY
+detection:
+ string_condition_0:
+ vendorParsed: "*\"InfobloxThreatProperty\":\"Suspicious_TDS\"*"
+ condition: string_condition_0
+level: info
+taxonomy: tm-v1
\ No newline at end of file