Data Connector HTTP Destination for MS Sentinel and Splunk (Data Connector to On-prem or Cloud)

SaaS SIEMs enable seamless data ingestion from various SaaS solutions and customer-deployed systems in JSON format over HTTP(S) connections. Data Connector can transfer Infoblox Platform and NIOS logs to SIEMs in a format that the destination readily interprets, whether it is Microsoft Sentinel or Splunk, reached from a NIOS-X server or as a cloud destination. Customers must whitelist the IP address 3.221.42.234 (prd1.threatdefense.infoblox.com) when connecting to a destination over HTTP.

To access the Infoblox Portal and forward logs directly to Microsoft Sentinel or Splunk Cloud using HTTPS, or when using Cloud-to-Cloud log transfer, you must subscribe to the Infoblox Threat Defense Ecosystem.

For information about Infoblox licenses, please contact your Infoblox representative.

Using the Cloud/SaaS SIEM solution

When logs are ingested directly into a supported SIEM over HTTPS and the destination requires authentication, traffic flows can be provisioned using the HTTP destination type. When an HTTP destination is provisioned, the organization is responsible for configuring the following traffic flow information: name, description (optional), state (active/disabled), URL, log export format, and authentication information.

For information on how to set up an HTTP destination using Data Connector, see Setting Up HTTP.

For information on how to set up a traffic flow configuration, see Creating Traffic Flows.

When logs are ingested directly into a supported SIEM over HTTPS and the destination does not require authentication, traffic flows can likewise be provisioned using the HTTP destination type. When an HTTP destination is provisioned, the organization is responsible for configuring the following traffic flow information: name, description (optional), state (active/disabled), URL, log export format, and authentication information.

The source IP address from which customers receive data from the cloud is the endpoint prd1.threatdefense.infoblox.com (3.221.42.234).
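The following is an added example of the receiving side of an HTTP destination; it is not Infoblox, Microsoft or Splunk code. It shows the three checks a practitioner would want a custom or proxied HTTP endpoint to apply to incoming Data Connector traffic, in the order the page implies: the request comes from the documented source address 3.221.42.234, it carries the authentication information configured on the traffic flow, and the body is JSON. The source address and hostname come from the page; the token value, the `Bearer` scheme, the listening port and the sample events are constructed assumptions.

```python
"""Receiver-side validation for an HTTP destination fed by Infoblox Data Connector.

Added example, not vendor code. Assumes the receiver terminates TLS itself and
therefore sees the real client address; behind a load balancer the source-IP
check belongs on the edge device instead (see the note below the block).
"""
import hmac
import ipaddress
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Source address the Data Connector cloud sends from (from the Infoblox documentation).
ALLOWED_SOURCES = {ipaddress.ip_address("3.221.42.234")}

# Constructed placeholder; a real deployment loads this from a secret store and
# sets the same value as the traffic flow's authentication information.
EXPECTED_TOKEN = "REPLACE-WITH-DESTINATION-TOKEN"


def check_source(remote_addr: str) -> bool:
    """True if the request originates from an allowlisted Data Connector address."""
    try:
        return ipaddress.ip_address(remote_addr) in ALLOWED_SOURCES
    except ValueError:  # not an IP literal at all
        return False


def check_auth(headers, expected: str = EXPECTED_TOKEN) -> bool:
    """Validate 'Authorization: Bearer <token>' with a constant-time comparison.

    `headers` only needs a dict-like .get(); BaseHTTPRequestHandler.headers
    already matches header names case-insensitively.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return False
    return hmac.compare_digest(token.encode(), expected.encode())


def parse_events(body: bytes):
    """Return a list of event dicts from a JSON object or array, or None if malformed."""
    try:
        data = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    if isinstance(data, dict):
        return [data]
    if isinstance(data, list) and all(isinstance(e, dict) for e in data):
        return data
    return None


def accept(remote_addr: str, headers, body: bytes, expected: str = EXPECTED_TOKEN):
    """Apply the checks in order and return (http_status, reason, events)."""
    if not check_source(remote_addr):
        return 403, "source address not allowlisted", []
    if not check_auth(headers, expected):
        return 401, "missing or invalid bearer token", []
    events = parse_events(body)
    if events is None:
        return 400, "body is not a JSON object or array of objects", []
    return 200, "accepted", events


class IngestHandler(BaseHTTPRequestHandler):
    """Minimal POST endpoint that applies accept() to every request."""

    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = 0
        body = self.rfile.read(length)
        status, reason, events = accept(self.client_address[0], self.headers, body)
        if status == 200:
            for event in events:
                print(json.dumps(event))  # stand-in for handing the event to the SIEM
        self.send_response(status, reason)
        self.end_headers()


# Constructed sample payload in the shape of a JSON log batch, for a local dry run.
SAMPLE_HEADERS = {"Authorization": "Bearer " + EXPECTED_TOKEN}
SAMPLE_BODY = json.dumps([
    {"type": "dns_query", "client": "10.0.0.5", "qname": "example.com"},
    {"type": "dns_query", "client": "10.0.0.6", "qname": "example.org"},
]).encode()

if __name__ == "__main__":
    print(accept("3.221.42.234", SAMPLE_HEADERS, SAMPLE_BODY)[:2])
    HTTPServer(("0.0.0.0", 8080), IngestHandler).serve_forever()  # port is an assumption
```

Two practical notes. If the endpoint sits behind a load balancer or reverse proxy, `client_address` is the proxy's address, so the 3.221.42.234 allowlist must be enforced on the edge firewall or WAF rather than here; do not trust a forwarded-for header for this check unless the proxy is known to overwrite it. Splunk HTTP Event Collector expects the `Splunk <token>` authorization scheme rather than `Bearer`, so adjust the scheme in `check_auth` if this code fronts HEC.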

For more information, see the following.