
Setting Up HTTP

To add HTTP as a destination in the Infoblox Portal utilizing Splunk or Microsoft Sentinel, complete the following:

  1. Log in to the Infoblox Portal.

  2. Click Configure > Integrations > Data Connector.

  3. On the Destinations tab, from the Create drop-down list, choose HTTP.

  4. In the Create HTTP Destination Configuration dialog, complete the following:

    • Name: Enter the name of the destination. Select a name that best describes the destination and can be distinguished from other destinations. The field length is 256 characters.

    • Description (optional field): Enter the description of the destination. The field length is 256 characters.

    • State: Use the toggle switch to enable or disable the destination configuration. By default, the destination state is disabled. If the destination configuration is disabled, you will not be able to select this destination when creating a traffic flow.

    • Format: Select the format for your log reports. The choices are Microsoft Sentinel and Splunk CIM.

      • When the HTTP destination is provisioned and the Microsoft Sentinel format is selected, the Oauth2 authentication type is preselected and the required credentials can be provided. Data Connector formats outgoing messages in Microsoft Sentinel's JSON format, with the payload data in ASIM format.

      • When the HTTP destination is provisioned and the Splunk CIM format is selected, Data Connector formats outgoing messages in Splunk's JSON format, with the payload following Splunk's CIM format.

  5. In the HTTPS DETAILS section, complete the following:

    • URL: Enter the URL where you want messages sent.

    • Authentication: Select an authentication type from the drop-down menu. For Microsoft Sentinel, select Oauth2. For Splunk CIM, select Token.

    • Credential: Select a credential from the drop-down list. To create a credential, in the Infoblox Portal go to Configure > Administration > Credentials > Create > Token (for Splunk CIM). The credential appears as an option in the Data Connector destination configuration only if it was created beforehand.

  6. In the Tags section, click Add and specify the following to associate a key with the destination:

    • KEY: Enter a meaningful name for the key, such as a location or department.  

    • VALUE: Enter a value for the key. For details, see Managing Tags.

  7. Click Save & Close to create the destination.
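
A pre-flight check for the values entered in steps 4 and 5, as an added example that is not Infoblox code. The dictionary layout, the `lint_destination` function and the URL hygiene rules (https only, no secrets in the URL) are assumptions of this example; the 256-character limits, format choices, authentication pairings and default state come from the steps above.

```python
from urllib.parse import parse_qs, urlsplit

# From the steps above: format -> authentication type, and the field length.
AUTH_FOR_FORMAT = {"Microsoft Sentinel": "Oauth2", "Splunk CIM": "Token"}
MAX_LEN = 256
SECRET_HINTS = ("token", "key", "secret", "password")  # assumption: heuristic


def lint_destination(dest, existing_credentials):
    """Return findings for one planned HTTP destination (hypothetical dict)."""
    findings = []
    name = dest.get("name", "")
    if not name or len(name) > MAX_LEN:  # only Description is marked optional
        findings.append("name: required, at most 256 characters")
    if len(dest.get("description", "")) > MAX_LEN:
        findings.append("description: at most 256 characters")
    fmt = dest.get("format")
    expected = AUTH_FOR_FORMAT.get(fmt)
    if expected is None:
        findings.append("format: choose Microsoft Sentinel or Splunk CIM")
    elif dest.get("authentication") != expected:
        findings.append(f"authentication: {fmt} uses {expected}")
    if dest.get("credential") not in existing_credentials:
        findings.append("credential: create it before configuring the destination")

    # Assumption: the credential rides on each request, so require clean https URLs.
    url = urlsplit(dest.get("url", ""))
    if url.scheme != "https" or not url.hostname:
        findings.append("url: use an absolute https:// URL")
    if url.username or url.password:
        findings.append("url: remove embedded user:password")
    if any(h in k.lower() for k in parse_qs(url.query) for h in SECRET_HINTS):
        findings.append("url: secret-looking query parameter")
    if not dest.get("enabled", False):  # destinations are disabled by default
        findings.append("state: disabled, not selectable in a traffic flow")
    return findings


# Constructed sample inputs (names, URLs and credentials are made up).
GOOD = {"name": "splunk-soc", "format": "Splunk CIM", "authentication": "Token",
        "credential": "splunk-token", "enabled": True,
        "url": "https://collector.example.com/ingest"}
BAD = {"name": "sentinel-soc", "format": "Microsoft Sentinel",
       "authentication": "Token", "credential": "sentinel-oauth",
       "url": "http://collector.example.com/ingest?api_key=abc"}

if __name__ == "__main__":
    for d in (GOOD, BAD):
        print(d["name"], lint_destination(d, {"splunk-token"}))
```
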

For information on updating the Splunk server's configuration files, see Updating the Configuration Files.
