Page Comparison

To create data filters for your source data, do the following:

• DNS Record Type: This filter can be applied on DNS query/response events and RPZ events. These records provide important details about domains and hostnames. The following are some of the DNS Record Type filters:
  • A Record
  • AAAA Record
  • CAA Record
  • CNAME Record
  • MX Record
  • NAPTR Record
  • NS Record
  • PTR Record
  • SRV Record
  • TXT Record
• OPHID: This is a unique identifier of the on-prem host. The user can use this value or provide a custom-defined OPHID. The following are some of the OPHID filters:
  • e7d97bd6548y8bbasd766e3f8f3789jrob6
  • 4c168ec9ca885fa5d9ccca0d8dfe793f
  • cdc-filter-test
• ON-PREM HOST: This is a display name of the on-prem host. The following are some of the ON-PREM HOST filters:
  • iccrvr01.indu.test-example.com
  • ZTP_atlasautomation_8722411532980096350
  • APIKEY1
  • Inblox Test OnPrem

...

1. Log in to the Cloud Services the Infoblox Portal.
2. Click ManageClick Configure > Integrations > Data Connector.
3. Select the ETL Configuration tab, and click Create.
4. From the Create drop-down list, select one of the following filtering criteria for the ETL configuration:  Regex NIOS HOST, IP/Network, FQDN, NIOS HOST, IP/Network, FQDN  DNS Record Type, OPHID, and ON-PREM HOST.
5. For the criterion you selected, specify the following information in In the Create ETL Filter wizard, and then click Save & Close:
   • Name: Enter a name that best describes the filtering function of the ETL configuration.
   • Description: Enter a description for the ETL configuration. The field’s length is 256 characters.
   • State: Use the slider to enable or disable the ETL configuration. The ETL configuration is in effect only after you enable it; if you disable it, the ETL filter will not be in effect even if you have applied the ETL configuration to a traffic flow configuration.

6. Expand the Regex, IP/Network, FQDN, NIOS HOST, IP/Network, FQDN DNS Record Type, OPHID, or ON-PREM HOST section, and click Add to add the applicable parameters:

• Regex: The regex filter applies to DNS query/response events and RPZ events. You can specify any regular expressions for the member name. You can also specify the name of the Grid member that processed the query. 

• The regex filter for the RPZ flow works with IP addresses, not with hostnames. For all other workflows, the filter works with hostnames.

• IP/Network: This filter applies to DNS query/response events, IP metadata, and RPZ events. If the event is a query, specify the query source’s IP address; if the event is a response, specify the destination’s IP address. Specify the client_ip filter in the following format:

CIDR block: Example: 10.10.0.1/15, 2001:cdba:9abc:5678::/64, etc.

• FQDN: The FQDN filter applies to DNS query/response events and RPZ events. A query filter is a combination of valid FQDNs and wildcards. Note the following about wildcards:
• You can specify a wildcard either on the left or right side of the FQDN.
• A rule can have zero, one, or two wildcards.
• If a rule has two wildcards, they have to be on the opposite ends of the FQDN.
• With the exception of the “?” wildcard, a wildcard on the left side of the FQDN must be followed by a dot.
• With the exception of the “?” wildcard, a wildcard on the right side of the FQDN must be preceded by a dot.

The following wildcards are supported:

...

Applicable to zero or more domain name labels. It can be specified only on the left side of the domain name. 

...

Applicable to one or more domain name labels. It can be specified only on the left side of the domain name. 

...

Use to specify exactly one domain name label. It can be specified either on the left or right side of the domain name. 

...

?.foo.com

?, ?.

corp.?.

test.? 

1. Filter dialog, complete the required information according to the filtering criterion you selected. For more information, see the following:
   • ETL Filters by NIOS Server
   • ETL Filters by IP/Network
   • ETL Filters by FQDN
   • ETL Filters by DNS Record Type
   • ETL Filters by OPHID
   • ETL Filters by Host
   • ETL Filters by Threat Class and Property
2. Click Save & Close.
3. Go to the Traffic Flow Configuration tab.
4. To create a new traffic flow, click Create. Alternatively, select an existing traffic flow and click Edit.
5. To the traffic flow configuration, add the filter(s) you have created. For more information, see Creating Traffic Flows.

For a complete list of supported filters, see Data Connector ETL Data Filter Types.

...

• Configuring ETL Filters
• Viewing ETL Configurations
• Editing ETL Configurations
• Removing ETL Configurations