

How can I integrate NIOS and CSP?

Authority
Posts: 20

Hi community,

 

I would like to create a demo environment for a POC.

Now I have integrated NIOS and CSP with the NIOS Grid connector service. It is available: if I create any activity on NIOS, then it automatically creates the activity on CSP.

I want to add three more things for POC.

1. NIOS IPAM detect my ESXi server's available IPs.

I use NIOS on an ESXi server now. 172.16.0.x/24 is the network. However, NIOS IPAM doesn't detect all the used IPs. I am using 71, 72, 73, 74, 75 now. But in IPAM, there is no marking that these IPs are in use.

How can I make my NIOS IPAM detect it?

 

2. How can I get DHCP from NIOS?

Almost the same as above: if I create a new Windows host on the ESXi server, how can I let that Windows host get DHCP from my NIOS?

 

3. Syslog synchronization

I want to synchronize NIOS syslog to CSP.

The scenario is this: a client (Windows) tries to access a malicious domain, but B1TD automatically blocks the website and logs it on CSP, CSP gives these logs to NIOS, and NIOS gives these logs to Splunk or other external log servers.

 

If someone knows how to solve it, please reply to me ToT. It is OK to reply to just one question.

 

Thank you guys.

Best Regards,

Elijah Choi.

Re: How can I integrate NIOS and CSP?

Techie
Posts: 8

Hi,

For Question 1, you need vDiscovery configured. If you have already configured this but new data isn't showing up, remember that you need to either re-run the job manually or set it on a schedule.
https://docs.infoblox.com/space/NAG8/22251016/Chapter+14+IP+Discovery+and+vDiscovery
https://www.youtube.com/watch?v=M0qt5dyEyhM

 

For Question 2, if I am reading this correctly, you need to configure a DHCP scope in NIOS?

 

For Question 3, CSP doesn't send logs to NIOS. However, you can deploy a BloxOne Host and enable the "Cloud Data Connector" service on it. You can then, in the CSP portal, configure the cloud to forward logs to this Host and then on to a syslog server of your choice.
https://docs.infoblox.com/space/BloxOneThreatDefense/35472014/Data+Connector

Re: How can I integrate NIOS and CSP?

Authority
Posts: 20

Hi, Your answers were really useful to me!

 

Thank you so much!

 

Best Regards,

Elijah Choi.
