SaaS SIEMs enable seamless data ingestion from various SaaS solutions and customer-deployed systems in JSON format through HTTP(s) connections. Data Connector is capable of transferring Infoblox Platform and NIOS logs to SIEMs in a format that is easily interpreted by the destination, whether it is Microsoft Sentinel or Splunk with a NIOS-X server or a cloud destination. The customer should whitelist IP 3.221.42.234 (prd1.threatdefense.infoblox.com) when connecting to a destination using HTTP.
To access the Infoblox Portal and forward logs directly to Microsoft Sentinel and or Splunk Cloud using HTTPS, or when using Cloud-toCloud log transfer you must subscribe to the Infoblox Threat Defense Ecosystem.
For information about Infoblox licenses, please contact your Infoblox representative.
Using the Cloud/SaaS SIEM solution
...