Document toolboxDocument toolbox

Configuring Sources

Owned by Shirly Tsang
Jul 31, 2019
2 min read

For Data Connector to collect corresponding data and security logs and for traffic flows to function properly, you must set up your sources correctly.

The following sections provide information about how to set up NIOS as your source before you add them to the Data Connector traffic flows:

Note

BloxOne Threat Defense Cloud is pre-configured as the source. No configuration is required on your part.

Adding Sources

To add sources for the Data Connector traffic flows, complete the following:

  1. Log in to the Cloud Services Portal.
  2. Click Manage -> Data Connector.
  3. Select the Source Configuration tab, and then click Create.
  4. From the Create drop-down list, select NIOS.
  5. In the Create NIOS Source Configuration wizard, complete the following:
    • Name: Enter the name of the source. Select a name that best describes the source, so that you can distinguish this from other sources.
    • Description: Enter the description of the source. The field length is 256 characters.
    • State: Use the slider to enable or disable the source configuration. Note that the source configuration is in effect only when you enable it. If you disable the source configuration, you will not be able to select this source when you create a traffic flow.
    • Expand the Source Data Type section, and select the source data you want the Data Connector to collect from this source.

Note

The Data Connector supports specific traffic flows for specific source data. Ensure that you select the supported destination in your traffic flows when you configure this source in a traffic flow. For information about supported traffic flows, see Supported Traffic Flows.

    • In the CREDENTIALS FOR GRID MASTER CONFIGURATION section, complete the following:
      • FQDN/IP: Enter the FQDN or the IP address of the source.
      • User Name: Enter the user name for the source credentials. The Data Connector uses this entry to access the source appliance.
      • Password: Enter the password for the source credentials. The Data Connector uses this entry to access the source appliance.
      • Insecure Mode: This is selected by default if you do not upload a CA certificate. When this checkbox is selected, Data Connector uses basic authentication using the user name and password you entered. However, if you do not upload a CA certificate, your credentials will not be encrypted.
      • CA Certificate: Click Select file to upload the CA-signed certificate for the NIOS appliance. When you upload a valid CA certificate, Data Connector uses the basic authentication using the credentials, plus the certificate you uploaded to secure the connection.
    • To allow query and response log data transfer, you must allow access for the Data Connector to collect this data through SCP. In the SCP CREDENTIALS FOR DNS QUERY LOGS TRANSFER section, complete the following:
      • User Name: Enter the user name used to access the SCP server. The Data Connector uses SCP to communicate with the source.
      • Password: Enter the password for the SCP server.
    • If you select RPZ Logs as the source data type, you must upload the security certificate for the Data Connector to access the RPZ logs. In the CERTIFICATE FOR RPZ LOGS section, complete the following:
      • Certificate for RPZ Logs: Click Select file and navigate to the RPZ certificate to upload it.