Overview

This document provides information and installation steps for integrating Infoblox BloxOne with IBM QRadar SIEM.

IBM QRadar is an enterprise-level security information and event management (SIEM) platform. It collects, processes, aggregates, and stores network data in real time. Its modular architecture enables quick threat detection and prioritization across the IT infrastructure.

With the Infoblox Cloud extension for QRadar, you can gain even more visibility into your network. Using the Infoblox Cloud Data Connector (CDC), a feature of BloxOne Threat Defense, you can send your DNS query/response data, security logs, and DHCP logs to QRadar, where they can be analyzed and monitored in depth. Additionally, if you have access, you can enrich your data even further with Infoblox TIDE data directly in QRadar.

You do not need TIDE access if you only wish to ingest your Infoblox CDC logs. Conversely, you do not need to deploy and configure a CDC to enable TIDE IoC enrichment. You can use either feature or both.