Data Connector – September 5, 2018
- Release 3.0 – Support for SIEM Tools
In addition to the previously supported Infoblox Reporting server, Infoblox ActiveTrust Cloud and Splunk Enterprise, this release adds support for SIEM tools as the destination servers.
SIEM tools can perform real-time analysis of the DNS query and response data to identify malicious activities and threats to the network.You can now configure the Data Connector to securely transfer DNS data from the Infoblox Grid to the SIEM tools. Infoblox Data Connector 3.0 VM converts the DNS queries and responses into CEF (Common Event Format) for ArcSight and McAfee ESM, and LEEF (Log Event Extended Format) for QRadar. Ecosystem license in NIOS Grid is required for the new SIEM destinations – this is the same as in DC 2.0 when it supported Splunk.
To receive data from the Infoblox Data Connector, the IBM QRadar, McAfee ESM, and Micro Focus ArcSight ESM consoles must be configured correctly. For more information about configuring the Data Connector and the respective consoles, refer to the Infoblox Data Connector 3.0 User’s Guide, available on the Infoblox Documentation website at.
This page has no comments.