Depending on your business needs, you can configure Data Connector traffic flows to send and receive data. The Data Connector collects the specified data and converts it into a specific data format before sending it to the supported destinations.

For Data Connector to function properly, you must define the type of data and the source from which the Data Connector collects data, as well as the destination to which the Data Connector transfers the data. You can create different traffic flows for different purposes. For example, you can create a traffic flow for the Data Connector to collect DNS query and response data from a NIOS appliance and have it send the data to the NIOS Reporting Server. You can create another traffic flow for the same Data Connector to collect threat feeds and custom hits from BloxOne Threat Defense Cloud and send the data to Splunk.

Note

Before you configure traffic flows for the Data Connector, you must first enable the Data Connector service on the on-prem host, and then set up sources and destinations that you want to use in the traffic flows. For more information, see Configuring Sources and Configuring Destinations.

Supported Traffic Flows

The following table lists the sources, the corresponding data types, and destinations that the Data Connector supports:

Source: NIOS
Data Types:
  • DNS Query/Response Log
  • RPZ Log
Format:
  • For generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported.
  • For Splunk, Infoblox Legacy and Splunk CIM formats are supported.
  • For NIOS Reporting, CSV format is supported.
  • For Threat Insight, parquet files via gRPC streaming are supported.
Note: Only one traffic flow is supported for the Syslog/Splunk/NIOS Reporting destination.
Destinations:
  • BloxOne Threat Defense Cloud
  • Syslog (generic)
  • Splunk
  • NIOS Reporting

Source: NIOS
Data Types:
  • DNS Query/Response Log
  • RPZ Log
  • IPAM Metadata
Format:
  • Parquet files via gRPC streaming
Destinations:
  • BloxOne Threat Defense Cloud

Source: BloxOne Threat Defense Cloud
Data Types:
  • Threat Defense Query/Response Log
  • Threat Defense Threat Feeds Hits Log
Streaming of data is close to real time.
Format:
  • For generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported.
  • For Splunk, Infoblox Legacy and Splunk CIM formats are supported.
  • For NIOS Reporting, CSV format is supported.
Destinations:
  • Syslog (generic)
  • Splunk
  • NIOS Reporting

Source: BloxOne DDI
Data Types:
  • DNS Query/Response Log
Format:
  • For generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported.
  • For Splunk, Infoblox Legacy and Splunk CIM formats are supported.
  • For NIOS Reporting, CSV format is supported.
Note: Only one traffic flow is supported for the Syslog/Splunk/NIOS Reporting destination.
Destinations:
  • Syslog (generic)
  • Splunk
  • NIOS Reporting

Source: BloxOne DDI
Data Types:
  • DHCP Lease Log
Format:
  • For generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported.
  • For Splunk, Infoblox Legacy and Splunk CIM formats are supported.
Destinations:
  • Syslog (generic)
  • Splunk

Viewing Traffic Flows

To view traffic flows for the Data Connector, complete the following:

  1. Log in to the Cloud Services Portal.
  2. Go to Manage -> Data Connector.
  3. Select the Traffic Flow Configuration tab. The Cloud Services Portal displays the following for all the traffic flow configurations:
    • NAME: The name of the source configuration.
    • DESCRIPTION: The information about the source configuration.
    • SOURCE: The filter criterion for the source process.
    • DESTINATION: The destination for the traffic flow.
    • ETL CONFIGURATION: Description of the ETL configuration type.
    • CDC INSTANCE: The name of the CDC instance.
    • STATE: Describes whether the configuration is Enabled or Disabled.

For additional information on configuring traffic flows in the Data Connector, see the following:
