SaaS SIEMs enable seamless data ingestion from various SaaS solutions and customer-deployed systems in JSON format through HTTP(S) connections. Data Connector can transfer Infoblox Platform (BloxOne) and NIOS logs to SIEMs in a format that is easily interpreted by the destination, whether it is Microsoft Sentinel or Splunk, with a NIOS-X server (on-prem host) or a cloud destination. The customer should whitelist IP 3.221.42.234 (prd1.threatdefense.infoblox.com) when connecting to a destination using HTTP.

To access the Infoblox Portal and forward logs directly to Microsoft Sentinel or Splunk Cloud using HTTPS, or when using Cloud-to-Cloud log transfer, you must subscribe to the Infoblox Threat Defense Ecosystem.

For information about Infoblox licenses, please contact your Infoblox representative.

Using the Cloud/SaaS SIEM solution

When direct data ingestion into a supported SIEM via HTTPS is used and authentication is required, traffic flows can be provisioned using HTTP destination types. When an HTTP destination is provisioned, the organization is responsible for configuring the following traffic flow information: name, description (optional), state (active/disabled), URL, log export format, and authentication information.

For information on how to set up an HTTP destination using Data Connector, see Setting Up HTTP.

For information on how to set up a traffic flow configuration, see Creating Traffic Flows.

When direct data ingestion into a supported SIEM via HTTPS is used and authentication is not required, traffic flows can be provisioned using HTTP destination types. When an HTTP destination is provisioned, the organization is responsible for configuring the following traffic flow information: name, description (optional), state (active/disabled), URL, log export format, and authentication information.
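The two traffic-flow modes above (authentication required or not) and the allowlisted source endpoint translate into a small set of checks the receiving HTTP destination should perform before ingesting anything. The following is an added illustration, not Infoblox or Data Connector code: it assumes a bearer token in the `Authorization` header as the authentication information and a JSON object or array of objects as the export format.

```python
import hmac
import ipaddress
import json

# Source endpoint documented for cloud log transfer (prd1.threatdefense.infoblox.com).
DATA_CONNECTOR_SOURCES = {ipaddress.ip_address("3.221.42.234")}


class RejectedRequest(Exception):
    """Raised when an incoming POST must not be ingested."""


def accept_log_post(peer_ip, headers, body, auth_required=True, expected_token=None):
    """Validate one HTTP POST from Data Connector and return its JSON records.

    peer_ip: remote address of the TCP connection (never a forwarded header).
    headers: request headers; matched case-insensitively.
    body: raw request body (bytes).
    auth_required / expected_token: mirror the traffic flow's authentication setting.
    Bearer-token auth and the record shape are assumptions for this example.
    """
    # 1. Allowlist: only the documented Data Connector cloud endpoint may post.
    if ipaddress.ip_address(peer_ip) not in DATA_CONNECTOR_SOURCES:
        raise RejectedRequest(f"source {peer_ip} not allowlisted")
    hdrs = {k.lower(): v for k, v in headers.items()}
    # 2. Authentication, when the traffic flow was provisioned with it.
    if auth_required:
        presented = hdrs.get("authorization", "")
        expected = f"Bearer {expected_token}" if expected_token else ""
        # Constant-time compare so the token does not leak through timing.
        if not expected or not hmac.compare_digest(presented.encode(), expected.encode()):
            raise RejectedRequest("missing or invalid bearer token")
    # 3. Export format: JSON, either one object or an array of objects.
    if not hdrs.get("content-type", "").startswith("application/json"):
        raise RejectedRequest("unexpected content type")
    try:
        payload = json.loads(body)
    except ValueError as exc:
        raise RejectedRequest(f"malformed JSON: {exc}") from exc
    records = payload if isinstance(payload, list) else [payload]
    if not all(isinstance(r, dict) for r in records):
        raise RejectedRequest("records must be JSON objects")
    return records


# Constructed sample body: illustrates the JSON shape only, not a real Data Connector export.
SAMPLE_BODY = b'[{"type": "dns_query", "qname": "example.com", "rcode": "NOERROR"}]'

if __name__ == "__main__":
    recs = accept_log_post("3.221.42.234",
                           {"Authorization": "Bearer s3cret", "Content-Type": "application/json"},
                           SAMPLE_BODY, auth_required=True, expected_token="s3cret")
    print(len(recs), "record(s) accepted")
```

Run the allowlist against the real socket peer address; if a load balancer sits in front of the destination, terminate the check there rather than trusting an `X-Forwarded-For` header.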

Info

The source IP address from which customers will receive data from the cloud is the endpoint located at prd1.threatdefense.infoblox.com (3.221.42.234).

For more information, see the following.

...