BloxOne TD - Forward Security Events, DNS activity, etc. to SIEM
02-14-2022 09:33 AM
We would like to get BloxOne Threat Defense events to our cloud SIEM (Sumo Logic). This includes events from Security Activity, DNS Activity, etc. that can be found in the BloxOne TD CSP portal.
I found documentation (page 28) below stating that this can be done by forwarding logs via syslog. Am I on the right track? I have doubts that this is what I need as I'm getting info that I need an IB CDC appliance. Can someone assist in clearing my doubt?
https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-data-connector.pdf
Re: BloxOne TD - Forward Security Events, DNS activity, etc. to SIEM
02-16-2022 08:05 AM
Hello witness777,
The guide you provided shows Infoblox Cloud Data Connector deployment.
This should be what you are looking for. This will allow you to push data from your B1 instance to any SIEM instance so long as they support the standard file formatting CEF or LEEF.
With this solution you will also be able to push data via your NIOS hardware appliance if you are running NIOS as well as our BloxOne products.
Hope this helps!
Thank you,
Kevin Zettel