02-14-2022 09:33 AM
We would like to get BloxOne Threat Defense events to our cloud SIEM (Sumo Logic). This includes events from Security Activity, DNS Activity, etc. that can be found in BloxOne TD csp portal.
I found documentation (page 28) below stating that this can be done by forwarding logs via syslog. Am I on the right track? I have doubts that this is what I need as I'm getting info that I need an IB CDC appliance. Can someone assist in clearing my doubt?
Solved! Go to Solution.
02-16-2022 08:05 AM
The guide you provided shows Infoblox Cloud Data Connector deployment.
This should be what you are looking for. this will allow you to push data from your B1 instance to any SIEM instance so long as they support the standard file formating CEF or LEEF.
with this solution you will also beable to push data via your NIOS hardware appliance if you are running NIOS as well as our BloxOne products.
hope this helps!