BloxOne Infoblox Platform security logs track security events generated by supported applications. Use these logs to monitor security events and gain deeper insight into the security and safety of your network.
To view the security logs, do the following:
In the Cloud Services Infoblox Portal, click Administration Monitor > Logs > Security Logs.
On the Security Logs page, click Display Recent to display the most recent 100 security events.
or
Clickto activate the filtering feature, and then click
to configure your filter.
From the Basic Columns menu, choose the filtering criterion you want to add. For example, if you choose Timestamp, select an applicable timeline within which you want to filter the results, using the calendar provided. To add more filtering criteria, clickagain to add another criterion. When you are done, click
to filter the events.
You can also clickto remove the filter you just created. If you want to use the same criteria for future filtering, you can save the filter by clicking
and entering a name for the filter. You can then click
to find the saved filter in the future without setting the filtering criteria again.
...
Timestamp: The UTC timestamp for the time the event was logged.
User: The user account that triggered the event.
App: The BloxOne Infoblox Platform application source that generated the event. The following sources are supported:
identity: Identity and Access Management Service.
ngnix: The NGNIX or Apache web server.
Security Event Type: The security event type. The following are supported types and their descriptions:
...
TIMESTAMP: The UTC timestamp for the time the event was logged
USER: The user account that triggered the event
APP: The BloxOne Infoblox Platform application source that generated the event. The following sources are supported:
identity: Identity and Access Management Service.
ngnix: The NGNIX or Apache web server.
SECURITY EVENT TYPE: The security event type. Refer to the event table on this page.
DOMAIN: The name of the domain from which the security event was generated
JWT: The JSON web token used to securely transmit the request.
REMOTE ADDRESS: The IP address used in the JSON web token.
REQUEST: The API request for the security event.
STATUS: The status of the API request for the security event.
USER EMAIL: The email address of the user account that triggered the event.
...
Sort events in ascending or descending order: Click the Sort by menu, choose the column by which you want to sort the events, and then use the up and down arrows.
View the security events that match a specific keyword: In the Search text box, enter a keyword that you want to search on. The Cloud Services Infoblox Portal will show the events that match the keyword.