
Creating Traffic Flows

To add a new traffic flow for the Data Connector, do the following:

  1. Log in to the Infoblox Portal.
  2. Go to Configure > Integrations > Data Connector.
  3. In the Traffic Flow Configuration tab, click Create Configuration.
  4. Complete the following sections of the Create New Data Configuration wizard: 
  5. General
    In the General pane, specify the following:
    1. Name: Enter a name for this configuration.
    2. Description: Enter a description to distinguish this Data Connector from other flows. The maximum length of the description is 256 characters.
    3. State: Use the slider to enable or disable this configuration. When the configuration is disabled, traffic does not flow.
    4. Tags: Click Add and specify a key-value pair to associate with the application:
      • KEY: Enter a meaningful name for the key, such as a location or department.

      • VALUE: Enter a value for that key. For more information, see Managing Tags.

  6. Click Next to proceed.
  7. Log Source Configuration
    In the Log Source Configuration pane, specify the following:
    1. Source: Select a source from among the available source options in the list of sources or click the Add icon to create a new source. For information on adding a new traffic flow data configuration source, see Adding a New Traffic Flow Source. Click Select to add the source to the configuration. The source field will be pre-populated when using a marketplace script subscribed to through Infoblox Ecosystem. 
    2. Source Configuration: Click Add Log Type to add a log type (dependent on source type) from among the available options: Audit Log, DDI DHCP Lease Log, DDI Query/Response Log, Internal Notifications, Service Log, Threat Defense Query/Response Log, Threat Defense Threat Feeds Hit Log, IPAM Metadata/DHCP Lease Information, RPZ Logs for Threat Defense, and Logs for B1DDI.
      Additional information based on source type: 
      1. Infoblox Platform source: With an Infoblox Cloud Source, you can select Audit Log, Internal Notifications, Service Log, Threat Defense Threat Feeds Hits Log, Threat Defense Query/Response Log, DDI DHCP Lease Log, and DDI Query/Response Log.
      2. NIOS source: With a NIOS source, you can select IPAM Metadata/DHCP Lease Information, Query/Response Log, RPZ Logs for Threat Defense, and RPZ Logs for Universal DDI.

        Image: The Add Log Type options. 

    3. Export Fields: Click the Manage link associated with a selected log type to select your export options. For information on the available export options for each log type, see Log Source Configuration Export Options.

      Image: Source configuration log types displaying the Manage link where export options can be selected. 

    4. Filters: Specify ETL configurations by adding an ETL filter configuration in the text field.
  8. Click Next to continue.
  9. Destination Configuration
    In the Destination Configuration pane, select a destination from among the available destination options in the list of destinations or click the Add icon to create a new destination. Click Select to add the destination to the configuration.
  10. Click Next to continue. For information on adding a new traffic flow data configuration destination, see Adding a New Traffic Flow Destination.
  11. Service Instance
    Choose a service instance from the drop-down menu. If you have subscribed to the Infoblox Ecosystem, you can choose Data Connector in Infoblox Cloud as the service instance. This option allows you to forward logs directly to Microsoft Sentinel and Splunk Cloud using HTTPS. For information, see Data Connector HTTP Destination for MS Sentinel and Splunk (Data Connector to On-prem or Cloud).


    Image: Choosing Data Connector in Infoblox Cloud as the service instance.
  12. Summary:  
    1. Name: Enter a name for this configuration.
    2. Description: Enter a description to distinguish this Data Connector from other services. The maximum length of the description is 256 characters.
    3. State: Use the slider to enable or disable this configuration. When the configuration is disabled, traffic does not flow.
    4. Tags: Click Add and specify a key-value pair to associate with the application:
      • KEY: Enter a meaningful name for the key, such as a location or department.

      • VALUE: Enter a value for that key. For more information, see Managing Tags.

  13. Summary
    Use the Summary page to do the following:  
  • Review the details of your new traffic flow instance before saving it.

  • Modify a specific configuration: Click the respective section in the navigation on the left, or click Back to go back to the previous sections.

  • View detailed information for a specific section. For example, Click Save & Close to save your configuration, or click Cancel to discard all the changes you have made.