
Data Connector HTTP Destination for MS Sentinel and Splunk (Data Connector to On-prem or Cloud)

SaaS SIEMs enable seamless data ingestion from various SaaS solutions and customer-deployed systems in JSON format through HTTP(S) connections. Data Connector can transfer Infoblox Platform and NIOS logs to SIEMs in a format that is easily interpreted by the destination, whether it is Microsoft Sentinel or Splunk with a NIOS-X server or a cloud destination.

To access the Infoblox Portal and forward logs directly to Microsoft Sentinel and Splunk Cloud using HTTPS, you must subscribe to the Infoblox Threat Defense Ecosystem. For information about Infoblox licenses, please contact your Infoblox representative.

Using the Cloud/SaaS SIEM solution

When a supported SIEM ingests data directly over HTTPS and authentication is required, traffic flows can be provisioned using HTTP destination types. When an HTTP destination is provisioned, the organization is responsible for configuring the following traffic flow information: name, description (optional), state (active/disabled), URL, log export format, and authentication information.

For information on how to set up an HTTP destination using Data Connector, see Setting Up HTTP.

For information on how to set up a traffic flow configuration, see Creating Traffic Flows.

When a supported SIEM ingests data directly over HTTPS and authentication is not required, traffic flows can be provisioned using HTTP destination types. When an HTTP destination is provisioned, the organization is responsible for configuring the following traffic flow information: name, description (optional), state (active/disabled), URL, log export format, and authentication information.

For more information, see the following.
