Log Source Configuration Export Options
Export options are available for the following source configuration log types:
Audit Log
DDI DHCP Lease Log
DDI Query/Response Log
Internal Notifications
Service Log
Threat Defense Query/Response Log
Threat Defense Threat Feeds Hit Log
SOC Insights
IPAM Metadata/DHCP Lease Information
Note: When IPAM Metadata/DHCP Lease Information is selected, no management options are available. By design, the log types for IPAM Metadata/DHCP Lease Information are excluded from the filter configuration options.
For detailed information about each log type’s export options, see the information below.
Audit Log: The audit log reports all administrative activities performed by specific user accounts.
Audit export types:
DNS
DHCP
IPAM
Threat Defense
Platform
Audit export fields:
Action
Application ID
Client IP
Created At
Event Category
Event Version
HTTP Request Body
HTTP Response Body
Message
Resource Description
Resource ID
Resource Type
Result
Severity
Subject Groups
Subject Type
User Name
DDI DHCP Lease Log: The DDI DHCP Lease Log reports information about Dynamic Host Configuration Protocol (DHCP) lease assignments and terminations.
DDI DHCP Lease Log fields:
Action
Application
Category
Client ID
Destination DUID
DHCP Host IP Address
DHCP Options
Fingerprint
Fingerprint PR
Host ID
Host name
IP Address
IP Range End
IP Range Start
IP Space Name
Lease Scope
Lease UUID
Leased Host name
Lifetime
Severity
Signature
Source MAC Address
Subnet
Timestamp
User name
Vendor Product
DDI Query/Response Log: The DDI Query/Response Log reports DNS query requests and responses in Universal DDI.
DDI Query/Response Log fields:
Additional Answer Count
Anonymized
Answer
Answer Count
App
Authority Answer Count
Category
Client ID
Connection Type
Delay
Destination IP
Destination Port
DHCP Fingerprint
DNS Packet Type
DNS QClass
DNS QFlags
DNS QType
DNS Record
DNS Request Flags
DNS Response Flags
DNS Tags
DNS View
Host OS Version
Message
Message Type
Op Code
OPH IP Address
OPH Name
Policy ID
Protocol
QAA
QAD
QCD
QDO
QQR
QRA
QRD
QRR1
QRR2
QRR3
QTC
QType
Query Class
Query Count
Query Name
Query Type
RAA
RAD
RCD
RDO
Record Type
Region
Reply Code
Reply Code
Reply Code Number
RQR
RRA
RRD
RRR1
RRR2
RRR3
RTC
Severity
Source Device Name
Source ID
Source IP
Source IP
Source MAC Address
Source Network
Source Port
Timestamp
Timestamp Nanosec
Transaction ID
Transport Protocol
TTL
User Name
Vendor Product
Internal Notifications: Internal Notifications reports all internal notification events.
Internal Notifications types:
What’s new
Thresholds
SOC Insights
Others
Internal Notifications fields:
Blocked Count
Category
Description
Event Category
Event Count
Feed Source
Feed Status
Host
Insight ID
Message
Message
Not Blocked Count
Severity
Severity
Status
Status
Subtype
Threat Class
Threat Confidence
Threat Family
Threat Level
Threat Type
Timestamp
Timestamp
Type
User Comment
Service Log: The Service Log reports all service events.
Service Log export types:
Log Name
Message
Pool ID
Service ID
Timestamp
Threat Defense Query/Response Log: The Threat Defense Query/Response Log reports DNS query requests and responses in Infoblox Threat Defense.
Threat Defense Query/Response Log export types:
Additional Answer Count
Anonymized
Answer Count
App
Authority Answer Count
Client ID
Connection Type
Delay
Destination IP
Destination Port
Device IP
Device MAC Address
Device Name
DHCP Fingerprint
DNS Answer
DNS Packet Type
DNS QClass
DNS QType
DNS Query Type
DNS Record
DNS Request Flags
DNS Response Flags
DNS Tags
DNS View
Event Category
Flags
Host OS Version
Message
Message Type
Op Code
OPH IP Address
OPH Name
Policy ID
Protocol
Protocol Code
QAA
QAD
QCD
QClass
QDO
QQR
QRA
QRD
QRR1
QRR2
QRR3
QTC
Query Class
Query Count
Query Name
Query Type
RAA
RAD
RCD
RDO
Record Type
Region
Reply Code
Reply Code (Parsed)
Reply Code Number
RQR
RR1
RRA
RRD
RRR2
RRR3
RTC
Severity
Source ID
Source IP
Source MAC Address
Source Network
Source Port
Timestamp
Timestamp Nanosecond
Transaction ID
TTL
User Name
Vendor Product
Threat Defense Threat Feeds Hit Log: The Threat Defense Threat Feeds Hit Log reports Infoblox Threat Defense feeds hit information.
Threat Defense Threat Feeds Hit Log export types:
ACode
Action
Anonymized
App
ARR Data
ARR Type
Category
Category
Client ID
Client Site ID
Connection Type
Destination IP
Destination Port
Device IP
DHCP Fingerprint
DNS Tags
DNS View
Domain Category
Feed Name
Feed Type
Host OS Version
IDS Type
Log Level
Message
Op Code
OPH IP Address
OPH Name
Policy Action
Policy ID
Policy Name
QClass
QType
Query Class
Query Name
Query Type
Region
Rpz Query Feed
Rule
Rule Action
Rule Disabled
Severity
Source
Source Device Name
Source ID
Source IP
Source MAC
Source Network
Source Port
Threat Confidence
Threat Indicator
Threat Level
Threat Property
Threat Severity
Timestamp
Timestamp Nanosecond
Transaction ID
Transport
Trigger Code
User Name
Vendor
Vendor Product
Version
SOC Insights log export types:
Blocked Count
Category
Description
Event Count
Feed Source
Feed Status
Insight ID
Message
Not Blocked Count
Threat Class
Threat Confidence
Threat Family
Threat Level
Threat Type
Timestamp
User Comment