Setup and Configuration
Configuring the Infoblox Cloud Data Connector
In the Microsoft Sentinel workspace, open Data connectors and search for Infoblox. Select Infoblox Cloud Data Connector via AMA and click Open connector page.
This Microsoft Sentinel data connector assumes an Infoblox Data Connector host has already been created and configured in the Infoblox Cloud Services Portal (CSP). As the Infoblox Data Connector is a feature of Threat Defense, access to an appropriate Threat Defense subscription is required. See this quick-start guide for more information and licensing requirements.
On the Linux machine you created to receive syslog data, run the command in step 1.2 of the data connector configuration page to install the CEF collector on that machine.
Configure the traffic flow in the BloxOne portal as described in step 2 of the data connector configuration page.
Validate the connection using step 3 of the configuration page.
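The three steps above set up a syslog/CEF pipeline from the Infoblox Data Connector host to the Sentinel collector. The following shell snippet is an added example for validating that pipeline from the collector machine; it is not part of this page, the Sentinel connector page, or Infoblox's own tooling. The CEF line (`SAMPLE_CEF`), the `cef_check` and `send_test_cef` function names and the syslog facility `local4` are assumptions made for the example, and the sample event is constructed rather than copied from a real Infoblox log.

```shell
#!/bin/sh
# Constructed sample event in CEF shape (vendor/product/fields are illustrative,
# not taken from an actual Infoblox Threat Defense log line).
SAMPLE_CEF='CEF:0|Infoblox|Data Connector|1.0|DNS|Threat Defense event|5|src=10.1.2.3 dhost=example.test'

# cef_check LINE
# Returns 0 if LINE has a well-formed CEF header, 1 otherwise. A CEF header is
# Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity| followed by
# the extension block, so there must be at least 7 pipes before the extension
# and the severity must be an integer 0-10 or one of the named levels.
cef_check() {
  line=$1
  case "$line" in
    'CEF:0|'*) ;;          # only CEF version 0 is accepted
    *) return 1 ;;
  esac
  # Look only at the first 8 pipe-separated fields; extension values may
  # themselves contain pipes, so do not count pipes across the whole line.
  header=$(printf '%s' "$line" | cut -d'|' -f1-8)
  n=$(printf '%s' "$header" | awk -F'|' '{print NF}')
  [ "$n" -ge 8 ] || return 1
  sev=$(printf '%s' "$line" | cut -d'|' -f7)
  case "$sev" in
    Low|Medium|High|Very-High) return 0 ;;
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$sev" -le 10 ]
}

# send_test_cef
# Hands the sample event to the local syslog daemon with logger(1) so it
# traverses the same rsyslog/AMA path as real Infoblox traffic. The facility
# and priority (local4.warn) are an assumption; match them to what your
# collector configuration forwards.
send_test_cef() {
  command -v logger >/dev/null 2>&1 || { echo "logger(1) not found" >&2; return 1; }
  cef_check "$SAMPLE_CEF" || { echo "sample event is not valid CEF" >&2; return 1; }
  logger -p local4.warn -t CEF "$SAMPLE_CEF"
}

# Stand-alone run: confirm the sample parses before attempting to send it.
cef_check "$SAMPLE_CEF" && echo "sample CEF header is well-formed"
```

After `send_test_cef` has run, give the agent a few minutes and query the workspace for the forwarded event, for example `CommonSecurityLog | where DeviceVendor == "Infoblox"` (the vendor string to filter on is whatever your real events carry, not necessarily the constructed value above). If the row never arrives, the header check tells you whether the problem is the message format or the transport.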
Configuring the Infoblox SOC Insight Data Connector via REST API
To connect the SOC Insights connector, create and configure the Infoblox-SOC-Get-Open-Insights-API playbook, which is deployed with this solution. To deploy and configure this playbook, follow the steps in the Configure Playbook section.
The playbook must be run manually once after deployment. To do so, go to Logic Apps, select Infoblox-SOC-Get-Open-Insights-API and click Run.