Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

General Security & Cybersecurity Ecosystem


BloxOne TD - Forward Security Events, DNS activity, etc. to SIEM

New Member
Posts: 6
3869     0

We would like to get BloxOne Threat Defense events to our cloud SIEM (Sumo Logic). This includes events from Security Activity, DNS Activity, etc. that can be found in BloxOne TD csp portal. 


I found documentation (page 28) below stating that this can be done by forwarding logs via syslog. Am I on the right track? I have doubts that this is what I need as I'm getting info that I need an IB CDC appliance. Can someone assist in clearing my doubt?

Re: BloxOne TD - Forward Security Events, DNS activity, etc. to SIEM

Posts: 71
3870     0

Hello witness777,


The guide you provided shows Infoblox Cloud Data Connector deployment.


This should be what you are looking for. this will allow you to push data from your B1 instance to any SIEM instance so long as they support the standard file formating CEF or LEEF.


with this solution you will also beable to push data via your NIOS hardware appliance if you are running NIOS as well as our BloxOne products.


hope this helps!


Thank you,

Kevin Zettel

Showing results for 
Search instead for 
Did you mean: 

Recommended for You