...

Infoblox tested Legacy Data Connector 3.0 with the following SIEM versions:

...

The Legacy Data Connector is designed to run on VMware ESXi servers. You can install the Legacy Data Connector VM software package on a host with VMware ESXi 5.x or later installed, and then configure it as a virtual appliance. After configuring the Legacy Data Connector VM, you must register it with the Infoblox Grid and configure certain NIOS parameters before it can collect DNS query and response data from the Grid. Note that you can register only one Legacy Data Connector with a Grid running NIOS 7.3.0 and later.

Figure 1.1 Legacy Data Connection Process

...

Note
For the BloxOne Cloud destination, the Legacy Data Connector collects additional data from the Infoblox NIOS Grid for reporting and analytic purposes. For more information, see Configuring BloxOne Threat Defense Cloud Destination.

When you set up a Legacy Data Connector VM, you use it solely for collecting DNS data from the Grid and sending the data to the desired destination. You cannot add licenses to run other services, such as DNS and DHCP.

...

  • The Data Connector collects DNS query data from the NIOS Grid and forwards this data to the NIOS reporting server over SCP, to the Infoblox cloud destination via HTTP requests, and to SIEM tools over TCP.
  • To ensure confidentiality, all protocol exchanges to and from the Legacy Data Connector VM are encrypted.
  • The Legacy Data Connector VM has a firewall enabled.
  • You can make a remote serial connection to the Legacy Data Connector VM using SSH port 2020. Example: ssh admin@DCVM_IP -p 2020.
  • Infoblox Technical Support can use port 2222 to access the Legacy Data Connector VM. Example: ssh dcadmin@DCVM_IP -p 2222.

Figure 1.1 illustrates the basic concept of the data collection process, which includes collecting query and response data from Grid members, storing it, and sending it back to the supported destinations. You can then monitor the trend of DNS queries by client, domain, time, record type, query type, and DNS view. For more information, see Viewing DNS Query Capture Reports.