Infoblox Integration Guide
Infoblox should be configured to send logs via syslog to the Taegis™ XDR Collector. Infoblox logs are filtered and correlated for various security event observations. Please follow the instructions in the documentation provided by Infoblox to specify a syslog server.
Firewall Requirements
Source | Destination | Port/Protocol |
---|---|---|
Infoblox Appliance | XDR Collector (mgmt IP) | UDP/514 |
Data Provided from Integrations
Auth | DHCP | DNS | File | HTTP | Management | Netflow | NIDS | Process | Thirdparty | |
---|---|---|---|---|---|---|---|---|---|---|
InfoBlox (DNS via named process) | D |
Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Logging Configuration Instructions
To configure your Infoblox appliance to send logs to Secureworks® Taegis™ XDR, follow the instructions provided by Infoblox to specify a syslog server in this article.
Consider the following requirements when completing the configuration steps:
- Log to External Syslog Servers — Enable this option in order to forward logs to XDR
- Address — The IP address of the XDR Collector
- Transport — UDP
- Source — Internal
- Port — 514
- Severity — Debug
- Copy Audit Log Messages to Syslog — Enable this option to include audit log messages
- Syslog Facility — local2
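To confirm that forwarding works after applying these settings, decode the PRI value of lines captured from UDP/514 and check that `named` (DNS) messages and messages on the configured local2 facility are both present. The script below is an added example, not Secureworks or Infoblox code; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Syslog facility and severity names, indexed by numeric code (PRI = facility * 8 + severity).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD-style syslog line: <PRI>Mmm dd hh:mm:ss host program[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<program>[^\s:\[]+)(?:\[\d+\])?:\s?"
    r"(?P<msg>.*)$"
)

# Constructed sample lines (not real appliance output).
SAMPLE = [
    "<30>Jan  5 10:15:01 ns1.example.test named[2211]: client 192.0.2.10#53211: query: www.example.test IN A +",
    "<150>Jan  5 10:15:07 ns1.example.test httpd: constructed audit-style message",
    "<192>Jan  5 10:15:09 ns1.example.test named: constructed line with out-of-range PRI",
]

def parse(line):
    """Return the decoded fields of one syslog line, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m or int(m["pri"]) > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "host": m["host"], "program": m["program"], "msg": m["msg"]}

def summarize(lines):
    """Count named (DNS) messages, local2 messages, and lines that failed to parse."""
    seen = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            seen["unparsed"] += 1
            continue
        if rec["program"] == "named":
            seen["named"] += 1
        if rec["facility"] == "local2":
            seen["local2"] += 1
    return dict(seen)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A zero count for `named` or `local2` over a capture window points at the corresponding setting in the list above, or at the UDP/514 firewall rule.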
Note
Infoblox events are normalized as XDR Sensor Type named
.