CSP Configuration

Follow the steps below in the Infoblox Cloud Services Portal (CSP) to configure the Infoblox Cloud Data Connector (CDC) to send BloxOne data to QRadar. See more information on the CDC here. 

The CDC is a major feature of BloxOne Threat Defense and as such requires appropriate licensing and deployment. This integration will NOT deploy a CDC. 

1. Navigate to Manage > Data Connector.

2. Click the Destination Configuration tab at the top.

3. Click Create > Syslog.

   1. Name: Give the new Destination a meaningful name, such as QRadar-Destination.

   2. Description: Optionally give it a meaningful description.

   3. State: Set the state to Enabled.

   4. Format: Set the format to CEF.

   5. FQDN/IP: Enter the IP address of the QRadar appliance. If using a proxy or other syslog forwarder, enter that IP instead.

   6. Port: Leave the port number at 514.

   7. Protocol: Select desired protocol and CA certificate if applicable.

   8. Click Save & Close.

4. Click the Traffic Flow Configuration tab at the top.

5. Click Create.

   1. Name: Give the new Traffic Flow a meaningful name, such as QRadar-Flow.

   2. Description: Optionally give it a meaningful description.

   3. State: Set the state to Enabled.

   4. Expand the Service Instance section.

      1. Service Instance: Select your desired service instance host for which the Data Connector service is enabled.

   5. Expand the Source Configuration section.

      1. Source: Select BloxOne Cloud Source.

      2. Select all desired log types you wish to collect. Currently supported log types are:

         1. Threat Defense Query/Response Log

         2. Threat Defense Threat Feeds Hits Log

         3. DDI Query/Response Log

         4. DDI DHCP Lease Log

         5. Audit Log

         6. Service Log

   6. Expand the Destination Configuration section.

      1. Select the Destination you just created.

   7. Click Save & Close.

6. Allow the configuration some time to activate.