
Log Source Configuration Export Options

Export options are available for the following source configuration log types:

  • Audit Log

  • DDI DHCP Lease Log

  • DDI Query/Response Log

  • Internal Notifications

  • Service Log

  • Threat Defense Query/Response Log

  • Threat Defense Threat Feeds Hit Log

For detailed information about each log type’s export options, see the information below.

Audit Log: The audit log reports all administrative activities performed by specific user accounts.

Image: Audit Log export options; Audit Log export types and supported Internal Notifications export fields.

Audit export types:

  • DNS

  • DHCP

  • IPAM

  • Threat Defense

  • Platform

Audit export fields:

  • Action

  • Application ID

  • Client IP

  • Created At

  • Event Category

  • Event Version

  • HTTP Request Body

  • HTTP Response Body

  • Message

  • Resource Description

  • Resource ID

  • Resource Type

  • Result

  • Severity

  • Subject Groups

  • Subject Type

  • User Name

DDI DHCP Lease Log: The DDI DHCP Lease Log reports information about Dynamic Host Configuration Protocol (DHCP) lease assignments and terminations.

Image: DDI DHCP Lease Log export options; export fields.

DDI DHCP Lease Log fields:

  • Action

  • Application

  • Category

  • Client ID

  • Destination DUID

  • DHCP Host IP Address

  • DHCP Options

  • Fingerprint

  • Fingerprint PR

  • Host ID

  • Host name

  • IP Address

  • IP Range End

  • IP Range Start

  • IP Space Name

  • Lease Scope

  • Lease UUID

  • Leased Host name

  • Lifetime

  • Severity

  • Signature

  • Source MAC Address

  • Subnet

  • Timestamp

  • User name

  • Vendor Product

DDI Query/Response Log: The DDI Query/Response Log reports DNS query requests and responses in Universal DDI.

DDI Query/Response Log fields:

  • Additional Answer Count

  • Anonymized

  • Answer

  • Answer Count

  • App

  • Authority Answer Count

  • Category

  • Client ID

  • Connection Type

  • Delay

  • Destination IP

  • Destination Port

  • DHCP Fingerprint

  • DNS Packet Type

  • DNS QClass

  • DNS QFlags

  • DNS QType

  • DNS Record

  • DNS Request Flags

  • DNS Response Flags

  • DNS Tags

  • DNS View

  • Host OS Version

  • Message

  • Message Type

  • Op Code

  • OPH IP Address

  • OPH Name

  • Policy ID

  • Protocol

  • QAA

  • QAD

  • QCD

  • QDO

  • QQR

  • QRA

  • QRD

  • QRR1

  • QRR2

  • QRR3

  • QTC

  • QType

  • Query Class

  • Query Count

  • Query Name

  • Query Type

  • RAA

  • RAD

  • RCD

  • RDO

  • Record Type

  • Region

  • Reply Code

  • Reply Code

  • Reply Code Number

  • RQR

  • RRA

  • RRD

  • RRR1

  • RRR2

  • RRR3

  • RTC

  • Severity

  • Source Device Name

  • Source ID

  • Source IP

  • Source IP

  • Source MAC Address

  • Source Network

  • Source Port

  • Timestamp

  • Timestamp Nanosec

  • Transaction ID

  • Transport Protocol

  • TTL

  • User Name

  • Vendor Product

Internal Notifications: Internal Notifications reports all internal notification events.

Internal Notifications types:

  • What’s new

  • Thresholds

  • SOC Insights

  • Others

Internal Notifications fields:

  • Blocked Count

  • Category

  • Description

  • Event Category

  • Event Count

  • Feed Source

  • Feed Status

  • Host

  • Insight ID

  • Message

  • Message

  • Not Blocked Count

  • Severity

  • Severity

  • Status

  • Status

  • Subtype

  • Threat Class

  • Threat Confidence

  • Threat Family

  • Threat Level

  • Threat Type

  • Timestamp

  • Timestamp

  • Type

  • User Comment

Service Log: The Service Log reports all service events.

Service Log export fields:

  • Log Name

  • Message

  • Pool ID

  • Service ID

  • Timestamp

Threat Defense Query/Response Log: The Threat Defense Query/Response Log reports DNS query requests and responses in Infoblox Threat Defense.

Threat Defense Query/Response Log export fields:

  • Additional Answer Count

  • Anonymized

  • Answer Count

  • App

  • Authority Answer Count

  • Client ID

  • Connection Type

  • Delay

  • Destination IP

  • Destination Port

  • Device IP

  • Device MAC Address

  • Device Name

  • DHCP Fingerprint

  • DNS Answer

  • DNS Packet Type

  • DNS QClass

  • DNS QType

  • DNS Query Type

  • DNS Record

  • DNS Request Flags

  • DNS Response Flags

  • DNS Tags

  • DNS View

  • Event Category

  • Flags

  • Host OS Version

  • Message

  • Message Type

  • Op Code

  • OPH IP Address

  • OPH Name

  • Policy ID

  • Protocol

  • Protocol Code

  • QAA

  • QAD

  • QCD

  • QClass

  • QDO

  • QQR

  • QRA

  • QRD

  • QRR1

  • QRR2

  • QRR3

  • QTC

  • Query Class

  • Query Count

  • Query Name

  • Query Type

  • RAA

  • RAD

  • RCD

  • RDO

  • Record Type

  • Region

  • Reply Code

  • Reply Code (Parsed)

  • Reply Code Number

  • RQR

  • RR1

  • RRA

  • RRD

  • RRR2

  • RRR3

  • RTC

  • Severity

  • Source ID

  • Source IP

  • Source MAC Address

  • Source Network

  • Source Port

  • Timestamp

  • Timestamp Nanosecond

  • Transaction ID

  • TTL

  • User Name

  • Vendor Product

Threat Defense Threat Feeds Hit Log: The Threat Defense Threat Feeds Hit Log reports Infoblox Threat Defense feeds hit information.

Threat Defense Threat Feeds Hit Log export fields:

  • ACode

  • Action

  • Anonymized

  • App

  • ARR Data

  • ARR Type

  • Category

  • Category

  • Client ID

  • Client Site ID

  • Connection Type

  • Destination IP

  • Destination Port

  • Device IP

  • DHCP Fingerprint

  • DNS Tags

  • DNS View

  • Domain Category

  • Feed Name

  • Feed Type

  • Host OS Version

  • IDS Type

  • Log Level

  • Message

  • Op Code

  • OPH IP Address

  • OPH Name

  • Policy Action

  • Policy ID

  • Policy Name

  • QClass

  • QType

  • Query Class

  • Query Name

  • Query Type

  • Region

  • Rpz Query Feed

  • Rule

  • Rule Action

  • Rule Disabled

  • Severity

  • Source

  • Source Device Name

  • Source ID

  • Source IP

  • Source MAC

  • Source Network

  • Source Port

  • Threat Confidence

  • Threat Indicator

  • Threat Level

  • Threat Property

  • Threat Severity

  • Timestamp

  • Timestamp Nanosecond

  • Transaction ID

  • Transport

  • Trigger Code

  • User Name

  • Vendor

  • Vendor Product

  • Version