You can configure a Data Connector traffic flow that sends and receives data according to your business needs. Data Connector collects specified data, converts it into a specific format, and sends it to supported destinations.
For Data Connector to function properly, you must define the type of data, the source from which Data Connector is to collect data, and the destination to which Data Connector is to transfer data. You can create different traffic flows for different purposes. For example, you can create a traffic flow in which Data Connector will collect DNS queries and response data from a NIOS appliance and will send this information to the NIOS Reporting Server. You can create another traffic flow, in which the same Data Connector will collect threat feeds and custom hits from BloxOne Infoblox Threat Defense and will send the data to Splunk.
Before you configure traffic flows for Data Connector, you must first enable the Data Connector service on the service instance and then set up sources and destinations that you want to use in the traffic flows. For more information, see Configuring Sources and Configuring Destinations.
| Info |
|---|
The provided information is for reference only. It represents the results of lab testing in a controlled environment focused on individual protocol services. Enabling additional protocols, services, cache hit ratio for recursive DNS, and customer environment variables will affect performance. To design and size a solution for a production environment, please contact your Infoblox Solution Architect. |
...
Sources | Data Types | Format | Destinations |
|---|---|---|---|
NIOS |
|
|
|
NIOS |
|
| BloxOne Infoblox Threat Defense CloudPlatformBloxOne |
Infoblox Threat Defense |
Streaming of data is close to real time. | For a generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported. For Splunk and Splunk Cloud, Infoblox Legacy and Splunk CIM formats are supported. For NIOS Reporting, the CSV format is supported. Only one traffic flow is supported for the Syslog, Splunk, Splunk Cloud, or NIOS Reporting destination. |
|
BloxOne Universal DDI | DNS Query/Response Log | For a generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported. For Splunk and Splunk Cloud, Infoblox Legacy and Splunk CIM formats are supported. For NIOS Reporting, the CSV format is supported. Only one traffic flow is supported for the Syslog, Splunk, Splunk Cloud, or NIOS Reporting destination. |
|
BloxOne Universal DDI |
| For a generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported. DHCP-enriched logs, including certain metadata, are sent in the CEF and LEEF formats. For Splunk and Splunk Cloud, Infoblox Legacy and Splunk CIM formats are supported. |
|
...
To view traffic flows for Data Connector, do the following:
Log in to the Cloud Services Infoblox Portal.
Go to Configure > Integrations > Data Connector.
Select the Traffic Flow Configuration tab. The Cloud Services Infoblox Portal displays the following for all traffic flow configurations:
NAME: The name of the source configuration.
DESCRIPTION: The information about the source configuration.
SOURCE: The filter criterion for the source process. When subscribing to a marketplace script obtained through the Infoblox Ecosystem, a default source configuration will populate the source field.
DESTINATION: The destination for the traffic flow.
LAST DELIVERED: Date and time of last traffic flow delivery.
ETL CONFIGURATION: The description of the ETL configuration type.
SERVICE INSTANCE: The name of the service instance.
STATE: An indication of whether the configuration is enabled or disabled.
STATUS: The current status of the traffic flow.
The following status types are reported:Active: A data pull is currently in progress.
Review Details: Review the details for the data pull.
Completed: A data pull has been completed on date and time.
Scheduled: A data pull is scheduled for date and time.
Disabled: A data pull has been disabled.
...