
Configuring Traffic Flows

You can configure a Data Connector traffic flow that sends and receives data according to your business needs. Data Connector collects specified data, converts it into a specific format, and sends it to supported destinations.

For Data Connector to function properly, you must define the type of data, the source from which Data Connector is to collect data, and the destination to which Data Connector is to transfer data. You can create different traffic flows for different purposes. For example, you can create a traffic flow in which Data Connector will collect DNS queries and response data from a NIOS appliance and will send this information to the NIOS Reporting Server. You can create another traffic flow, in which the same Data Connector will collect threat feeds and custom hits from Infoblox Threat Defense and will send the data to Splunk.

Before you configure traffic flows for Data Connector, you must first enable the Data Connector service on the service instance and then set up sources and destinations that you want to use in the traffic flows. For more information, see Configuring Sources and Configuring Destinations.

The provided information is for reference only. It represents the results of lab testing in a controlled environment focused on individual protocol services. Enabling additional protocols, services, cache hit ratio for recursive DNS, and customer environment variables will affect performance. To design and size a solution for a production environment, please contact your Infoblox Solution Architect.

Supported Traffic Flows

The following table lists the sources, corresponding data types, and destinations that Data Connector supports:

Each entry below is one row of the table, with the columns Sources, Data Types, Format, and Destinations.

Source: NIOS

  • Data Types:

    • RPZ Log

  • Format:

    • For a generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported.

    • For Splunk and Splunk Cloud, Infoblox Legacy and Splunk CIM formats are supported.

    • For NIOS Reporting, the CSV format is supported.

    • For Threat Insight, Parquet files via gRPC streaming are supported.

    • Only one traffic flow is supported for the Syslog, Splunk, Splunk Cloud, or NIOS Reporting destination.

  • Destinations:

    • Infoblox Threat Defense Platform

    • Syslog (generic)

    • Splunk

    • Splunk Cloud

    • NIOS Reporting

Source: NIOS

  • Data Types:

    • RPZ Log

    • IPAM Metadata

  • Format:

    • Parquet files via gRPC streaming

    • The NIOS IPMeta configuration flow to Infoblox Destination requires at least 16 GB of RAM on servers where ipmeta flows are configured. If DB objects are updated more frequently, the RAM size must be increased further based on the DB size. It can be doubled from the previous memory resource limit (i.e., 16 * 2 = 32 GB).

  • Destinations:

    • Infoblox Threat Defense Platform

Source: Infoblox Threat Defense

  • Data Types:

    • Threat Defense Query/Response Log

    • Threat Defense Threat Feeds Hits Log

    • Audit Log

    • Internal Notifications

  • Format:

    • Streaming of data is close to real time.

    • For a generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported.

    • For Splunk and Splunk Cloud, Infoblox Legacy and Splunk CIM formats are supported.

    • For NIOS Reporting, the CSV format is supported.

    • Only one traffic flow is supported for the Syslog, Splunk, Splunk Cloud, or NIOS Reporting destination.

  • Destinations:

    • Syslog (generic)

    • Splunk

    • Splunk Cloud

    • NIOS Reporting

Source: Universal DDI

  • Data Types:

    • DNS Query/Response Log

  • Format:

    • For a generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported.

    • For Splunk and Splunk Cloud, Infoblox Legacy and Splunk CIM formats are supported.

    • For NIOS Reporting, the CSV format is supported.

    • Only one traffic flow is supported for the Syslog, Splunk, Splunk Cloud, or NIOS Reporting destination.

  • Destinations:

    • Syslog (generic)

    • Splunk

    • Splunk Cloud

    • NIOS Reporting

Source: Universal DDI

  • Data Types:

    • DHCP Lease Log

  • Format:

    • For a generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported. DHCP-enriched logs, including certain metadata, are sent in the CEF and LEEF formats.

    • For Splunk and Splunk Cloud, Infoblox Legacy and Splunk CIM formats are supported.

  • Destinations:

    • Syslog (generic)

    • Splunk

    • Splunk Cloud

    • NIOS Reporting

Viewing Traffic Flows

To view traffic flows for Data Connector, do the following:

  1. Log in to the Infoblox Portal.

  2. Go to Configure > Integrations > Data Connector.

  3. Select the Traffic Flow Configuration tab. The Infoblox Portal displays the following for all traffic flow configurations:

  • NAME: The name of the source configuration.

  • DESCRIPTION: The information about the source configuration.

  • SOURCE: The filter criterion for the source process. When subscribing to a marketplace script obtained through the Infoblox Ecosystem, a default source configuration will populate the source field.

  • DESTINATION: The destination for the traffic flow.

  • LAST DELIVERED: Date and time of last traffic flow delivery.

  • ETL CONFIGURATION: The description of the ETL configuration type.

  • SERVICE INSTANCE: The name of the service instance.

  • STATE: An indication of whether the configuration is enabled or disabled.

  • STATUS: The current status of the traffic flow.
    The following status types are reported:

    • Active: A data pull is currently in progress.

    • Review Details: Review the details for the data pull.

    • Completed: A data pull has been completed on date and time.

    • Scheduled: A data pull is scheduled for date and time.

    • Disabled: A data pull has been disabled.

Traffic Flow Configuration

In the right-hand panel you can view the traffic flow configuration. 

Filters

Click the filter icon to open the filter options panel. Traffic flow configuration filters can be applied based on Name, Description, Source, Destination, ETL Configuration, Service Instance, and State.

Use the search box to run a local search based on a traffic flow criterion.

For additional information on configuring traffic flows in Data Connector, see the following: