Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method
---|---|---|---|---|---|---|---
Infoblox NIOS DNS | | | ✅ | ✅ | infoblox_nios_dns | Text | S3
Infoblox NIOS DHCP | | | | ✅ | infoblox_nios_dhcp | Text | S3
Infoblox Audit Logs | | | ✅ | ✅ | infoblox_audit_logs | Text | S3
Infoblox One DNS | | | ✅ | ✅ | infoblox_bloxone_dns | CEF | S3
Overview
Infoblox is a leader in secure cloud-managed network services, specializing in DNS, DHCP, and IP address management (DDI). It provides robust solutions for automating and securing network infrastructure, preventing DNS-based attacks, and ensuring reliable connectivity. Infoblox simplifies network management for on-premises, cloud, and hybrid environments while enhancing security and scalability.
Supported data types
Infoblox NIOS DNS
Table name: infoblox_nios_dns
Infoblox NIOS DNS logs capture detailed information about DNS queries and responses handled by the Infoblox system. These logs are vital for troubleshooting DNS issues, monitoring network traffic, enhancing security by detecting malicious activities, and ensuring compliance with IT policies.
Infoblox NIOS DHCP
Table name: infoblox_nios_dhcp
Infoblox NIOS DHCP logs record activities and transactions related to the Dynamic Host Configuration Protocol (DHCP) service provided by Infoblox appliances. These logs are essential for network administrators to track DHCP lease assignments, renewals, and other DHCP-related events, facilitating troubleshooting, ensuring reliable network access, and maintaining compliance with network policies.
Infoblox Audit Logs
Table name: infoblox_audit_logs
Infoblox Audit Logs provide detailed records of changes and actions performed within the Infoblox environment, ensuring transparency and accountability. These logs are essential for security, compliance, and operational integrity, tracking modifications to configurations, network settings, and system access.
Infoblox One DNS
Table name: infoblox_bloxone_dns
Infoblox One DNS (BloxOne DNS) logs provide detailed records of DNS queries and responses, helping organizations monitor network activity, detect threats, and enforce security policies. These logs capture information such as query sources, requested domains, and response details. By analyzing them, administrators can identify malicious domains, prevent DNS-based attacks, and maintain visibility into network traffic for enhanced security and compliance.
Send data to Hunters
Hunters supports the ingestion of Infoblox logs via an intermediary AWS S3 bucket.
To connect Infoblox logs:
Export your logs to a syslog stream. Infoblox documents this separately for Infoblox One (BloxOne) and for Infoblox NIOS; follow the procedure for the product you run.
Ship the logs to an AWS S3 bucket.
Once the export is running and the logs are landing in S3, follow the S3 collection steps on the Hunters platform to create the data flow.
📘 Note
All data types may share one bucket, each in its own folder.
Each data type requires its own data flow on the Hunters platform.
Expected format
The expected format of the logs is the raw message format as exported by Infoblox. The expected timestamp format is %d-%b-%Y %H:%M:%S.%f, with timestamps in UTC.
Infoblox NIOS DNS Sample
Logs are expected in text format.
Feb 8 2022 04:27:59 1.2.3.4 named[16520]: client @0xabcdef123456 1.3.5.7#1234 (domain.to.query.com): query: domain.to.query.com IN A + (7.7.7.7)
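The query line above is the BIND 9 query-log format that NIOS members emit, and detection content is only as good as the parse that feeds it. The following Python is an added example, not Hunters' or Infoblox's own code: it normalises a query line into a flat record (client, port, qname, class, type, recursion flag, answering server) and adds a deliberately simple length-based tunnelling heuristic whose thresholds are assumptions. The sample line is copied from the page; the long-name line in the test is constructed.

```python
import re
from typing import Optional

# Constructed input: the NIOS DNS query line shown above.
SAMPLE_QUERY = (
    "Feb 8 2022 04:27:59 1.2.3.4 named[16520]: client @0xabcdef123456 1.3.5.7#1234 "
    "(domain.to.query.com): query: domain.to.query.com IN A + (7.7.7.7)"
)

# Line shape: <syslog ts> <member ip> named[pid]: client [@handle] <ip>#<port>
# (<name>): query: <qname> <qclass> <qtype> <flags> [(<server ip>)]
# The "@0x..." client handle and the trailing server address are optional because
# older BIND releases omit them.
QUERY_RE = re.compile(
    r"^(?P<ts>.+?) (?P<member>\S+) named\[(?P<pid>\d+)\]: "
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<src_ip>[0-9a-fA-F.:]+)#(?P<src_port>\d+) "
    r"\((?P<echo>[^)]*)\): query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) "
    r"(?P<flags>\S+)(?: \((?P<server_ip>[^)]+)\))?$"
)

# BIND 9 query-log flag letters that may follow the leading "+"/"-" (recursion desired or not).
FLAG_NAMES = {"S": "signed", "E": "edns", "T": "tcp", "D": "dnssec_ok", "C": "checking_disabled"}


def parse_nios_dns_query(line: str) -> Optional[dict]:
    """Normalise one query-log line into a flat record; None if the line is not a query."""
    m = QUERY_RE.match(line.strip())
    if not m:
        return None
    flags = m["flags"]
    return {
        "timestamp": m["ts"],
        "member": m["member"],
        "pid": int(m["pid"]),
        "src_ip": m["src_ip"],
        "src_port": int(m["src_port"]),
        "qname": m["qname"].rstrip(".").lower(),  # drop trailing dot, case-fold for matching
        "qclass": m["qclass"],
        "qtype": m["qtype"],
        "recursion_desired": flags.startswith("+"),
        "flags": sorted(FLAG_NAMES[c] for c in flags[1:] if c in FLAG_NAMES),
        "server_ip": m["server_ip"],
    }


def query_shape(qname: str) -> dict:
    """Size statistics of a query name, the features tunnelling heuristics key on."""
    labels = qname.split(".")
    return {"length": len(qname), "labels": len(labels), "longest_label": max(len(lab) for lab in labels)}


def looks_like_tunneling(rec: dict, max_length: int = 100, max_label: int = 50) -> bool:
    """Heuristic only; the thresholds are assumptions to tune per environment.
    Very long names or labels are the classic sign of data smuggled out in query names."""
    shape = query_shape(rec["qname"])
    return shape["length"] > max_length or shape["longest_label"] > max_label


if __name__ == "__main__":
    record = parse_nios_dns_query(SAMPLE_QUERY)
    print(record)
    print("tunneling?", looks_like_tunneling(record))
```

The timestamp is kept as the raw string on purpose: the syslog prefix has no timezone, and the conversion to UTC belongs in the ingestion layer where the member's clock setting is known.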
Infoblox NIOS DHCP Sample
Logs are expected in text format.
May 21 02:23:07 10.9.9.9 dhcpd[22458]: Added new forward map from TEST-TEST1.company.firm to 10.1.1.6
May 21 11:35:15 10.9.9.9 dhcpd[22458]: r-l-e:10.3.3.1,Renewed,,ff:ff:ff:ff:ff:ff,1684668915,1684683315,,$
May 21 11:35:21 10.9.9.9 dhcpd[22458]: DHCPACK on 10.4.4.5 to dd:dd:dd:dd:dd:dd (XXXXXXXX) via eth2 relay 10.3.3.2 lease-duration 14400 (RENEW)
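The question an investigator actually asks of DHCP logs is "which MAC and hostname held this IP at this time". The Python below is an added example, not Hunters' or Infoblox's code: it parses the DHCPACK and r-l-e lines above into lease records with start and end times and builds a lookup over them. Two assumptions are labelled in the code: the syslog header carries no year, so one is supplied, and the r-l-e field order (ip, action, hostname, mac, start epoch, end epoch) is read off the sample rather than taken from a spec. The sample lines are copied from the page.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Union

# Constructed input: the DHCP lines shown above.
SAMPLE_DHCP_LINES = [
    "May 21 02:23:07 10.9.9.9 dhcpd[22458]: Added new forward map from TEST-TEST1.company.firm to 10.1.1.6",
    "May 21 11:35:15 10.9.9.9 dhcpd[22458]: r-l-e:10.3.3.1,Renewed,,ff:ff:ff:ff:ff:ff,1684668915,1684683315,,$",
    "May 21 11:35:21 10.9.9.9 dhcpd[22458]: DHCPACK on 10.4.4.5 to dd:dd:dd:dd:dd:dd (XXXXXXXX) via eth2 relay 10.3.3.2 lease-duration 14400 (RENEW)",
]
# The syslog header carries no year; it must come from the file's context (assumed here).
LOG_YEAR = 2023

SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<member>\S+) dhcpd\[\d+\]: (?P<msg>.*)$"
)
DHCPACK_RE = re.compile(
    r"^DHCPACK on (?P<ip>\S+) to (?P<mac>[0-9a-fA-F:]{17})(?: \((?P<host>[^)]*)\))?"
    r" via (?P<iface>\S+)(?: relay (?P<relay>\S+))?(?: lease-duration (?P<dur>\d+))?"
    r"(?: \((?P<kind>\w+)\))?$"
)
RLE_RE = re.compile(r"^r-l-e:(?P<body>.*)\$$")


def parse_dhcp_line(line: str, year: int = LOG_YEAR) -> Optional[dict]:
    """Classify one dhcpd line; lease events carry mac/starts/ends, everything else is 'other'."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{m['mon']} {m['day']} {year} {m['time']}", "%b %d %Y %H:%M:%S")
    ts = ts.replace(tzinfo=timezone.utc)
    msg = m["msg"]
    a = DHCPACK_RE.match(msg)
    if a:
        dur = int(a["dur"]) if a["dur"] else None
        return {"event": "DHCPACK", "ts": ts, "ip": a["ip"], "mac": a["mac"].lower(),
                "host": a["host"], "iface": a["iface"], "relay": a["relay"], "kind": a["kind"],
                "starts": ts, "ends": ts + timedelta(seconds=dur) if dur else None}
    r = RLE_RE.match(msg)
    if r:
        f = r["body"].split(",")
        # Field order (ip, action, hostname, mac, start, end as epoch seconds) is an assumption
        # read off the sample: 1684668915 is 2023-05-21 11:35:15 UTC, the line's own timestamp,
        # and end minus start is 14400, the lease-duration seen in the DHCPACK line.
        return {"event": "r-l-e", "ts": ts, "ip": f[0], "action": f[1], "host": f[2] or None,
                "mac": f[3].lower(),
                "starts": datetime.fromtimestamp(int(f[4]), timezone.utc),
                "ends": datetime.fromtimestamp(int(f[5]), timezone.utc)}
    return {"event": "other", "ts": ts, "msg": msg}


class LeaseTable:
    """Answers the incident-response question DHCP logs exist for: who held IP X at time T."""

    def __init__(self) -> None:
        self.leases: List[dict] = []

    def ingest(self, line: str) -> None:
        rec = parse_dhcp_line(line)
        if rec and rec.get("mac") and rec.get("starts"):
            self.leases.append(rec)

    def who_had(self, ip: str, at: Union[str, datetime]) -> Optional[dict]:
        if isinstance(at, str):
            at = datetime.fromisoformat(at.replace("Z", "+00:00"))
        live = [lease for lease in self.leases
                if lease["ip"] == ip and lease["starts"] <= at
                and (lease["ends"] is None or at < lease["ends"])]
        # A renewal produces a later record for the same IP/MAC; the newest lease wins.
        return max(live, key=lambda lease: lease["starts"]) if live else None


def build_table(lines: List[str]) -> LeaseTable:
    table = LeaseTable()
    for line in lines:
        table.ingest(line)
    return table


if __name__ == "__main__":
    table = build_table(SAMPLE_DHCP_LINES)
    print(table.who_had("10.4.4.5", "2023-05-21T13:00:00Z"))
```

Note that a DHCPACK line without a lease-duration yields an open-ended lease here; in production you would close it on the next DHCPRELEASE, DHCPNAK or re-assignment of the same IP rather than treating it as valid forever.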
Infoblox Audit Sample
Logs are expected in text format.
May 22 13:51:21 10.101.37.23 httpd: 2023-05-22 13:51:21.611Z [Service]: Login_Allowed - - to=AdminConnector ip=10.10.20.10 auth=LOCAL group=my-group apparently_via=API
May 23 18:51:14 10.101.37.23 httpd: 2023-05-23 18:51:14.263Z [Service]: Logout - - ip=10.10.10.10 group=IT-Group trigger_event=Normal-Logout
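Audit lines are the control-plane trail for the DDI platform, so the interesting detections are about who logged in, from where, and how. The Python below is an added example, not Hunters' or Infoblox's code: it parses the two lines above into a record (the bracketed token is treated as the acting account and the two "-" tokens as unused positional fields, both assumptions read off the samples) and applies three policy checks whose management-network list is a placeholder to replace with your own. The sample lines are copied from the page.

```python
import ipaddress
import re
from typing import List, Optional

# Constructed input: the two audit lines shown above.
SAMPLE_AUDIT_LINES = [
    "May 22 13:51:21 10.101.37.23 httpd: 2023-05-22 13:51:21.611Z [Service]: Login_Allowed - - "
    "to=AdminConnector ip=10.10.20.10 auth=LOCAL group=my-group apparently_via=API",
    "May 23 18:51:14 10.101.37.23 httpd: 2023-05-23 18:51:14.263Z [Service]: Logout - - "
    "ip=10.10.10.10 group=IT-Group trigger_event=Normal-Logout",
]

# Line shape: <syslog ts> <member> httpd: <ISO ts> [<actor>]: <action> <f1> <f2> key=value ...
# Reading the bracketed token as the acting account and the two "-" tokens as unused
# positional fields is an assumption taken from the samples, not from a spec.
AUDIT_RE = re.compile(
    r"^(?P<syslog_ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<member>\S+) httpd: "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+Z) \[(?P<actor>[^\]]*)\]: (?P<action>\S+) "
    r"(?P<f1>\S+) (?P<f2>\S+)(?P<kv>(?: [\w.]+=\S*)*)$"
)

# Assumption: the networks administrators are expected to manage the grid from.
MGMT_NETS = ["10.10.20.0/24"]


def parse_audit_line(line: str) -> Optional[dict]:
    """Flatten one audit line into a dict; the key=value tail becomes top-level keys."""
    m = AUDIT_RE.match(line.strip())
    if not m:
        return None
    rec = {"timestamp": m["ts"], "member": m["member"], "actor": m["actor"], "action": m["action"]}
    for pair in m["kv"].split():
        k, v = pair.split("=", 1)
        rec[k] = v
    return rec


def login_findings(rec: Optional[dict], mgmt_nets: List[str] = MGMT_NETS) -> List[str]:
    """Policy checks for a Login_Allowed event; returns the names of the rules that fired."""
    if not rec or rec["action"] != "Login_Allowed" or "ip" not in rec:
        return []
    findings = []
    src = ipaddress.ip_address(rec["ip"])
    if not any(src in ipaddress.ip_network(n) for n in mgmt_nets):
        findings.append("login_outside_mgmt_network")
    if rec.get("auth") == "LOCAL":
        findings.append("local_account_login")  # humans are expected to arrive via AD/RADIUS/SAML
    if rec.get("apparently_via") == "API":
        findings.append("api_login")  # scripted access to the DDI control plane is worth inventorying
    return findings


if __name__ == "__main__":
    for line in SAMPLE_AUDIT_LINES:
        rec = parse_audit_line(line)
        print(rec["action"], rec.get("ip"), login_findings(rec))
```

The two lines above share an actor but come from different source addresses and groups, which is exactly the kind of pair a session-tracking rule would want to join on the actor field across the login and logout.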
Infoblox One DNS Sample
Logs are expected in CEF format.
<134>1 2023-09-15T09:04:03.890Z AAA dataconnector - DNS-RESPONSE - CEF:0|Infoblox|Data Connector|2.1.3|DNS Response|DNS Response IN A NOERROR|1|dst=8.8.22.22 src=22.22.8.8 spt=1234 proto=UDP app=DNS InfobloxDNSView=External destinationDnsDomain=google.google.com InfobloxDNSQClass=IN InfobloxDNSQType=A InfobloxDNSQFlags=+ InfobloxDNSRCode=NOERROR msg="shop.online.com. 185 IN A 22.22.8.8" InfobloxAnCount=1 InfobloxNsCount=0 InfobloxArCount=0
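The BloxOne line is CEF wrapped in an RFC 5424 syslog header, and the part that breaks naive parsers is the extension: values may contain spaces (the msg field here) and the CEF header escapes literal pipes. The Python below is an added example, not Hunters' or Infoblox's code. It splits the syslog prefix (decoding the facility and severity from the priority), the seven pipe-separated header fields and the key=value extension, then projects the DNS-relevant fields into the flat shape a detection rule would query. The sample line is copied from the page; the answer-record layout "name ttl class type rdata" is taken from that single msg value, so how multiple answers are separated is not known from the page and is not handled.

```python
import re
from typing import Optional

# Constructed input: the BloxOne DNS CEF line shown above.
SAMPLE_CEF = (
    "<134>1 2023-09-15T09:04:03.890Z AAA dataconnector - DNS-RESPONSE - "
    "CEF:0|Infoblox|Data Connector|2.1.3|DNS Response|DNS Response IN A NOERROR|1|"
    "dst=8.8.22.22 src=22.22.8.8 spt=1234 proto=UDP app=DNS InfobloxDNSView=External "
    "destinationDnsDomain=google.google.com InfobloxDNSQClass=IN InfobloxDNSQType=A "
    'InfobloxDNSQFlags=+ InfobloxDNSRCode=NOERROR msg="shop.online.com. 185 IN A 22.22.8.8" '
    "InfobloxAnCount=1 InfobloxNsCount=0 InfobloxArCount=0"
)

# RFC 5424 header the Data Connector places in front of the CEF payload:
# <pri>1 <timestamp> <host> <app> <procid> <msgid> <structured-data>
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<sd>\S+)\s*$"
)
HEADER_FIELDS = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
PIPE_RE = re.compile(r"(?<!\\)\|")  # a literal pipe inside a CEF header field is escaped as \|
# An extension value runs until the next " key=". This is the usual CEF heuristic; it
# mis-splits a value that itself contains " word=", which a production parser must handle.
EXT_RE = re.compile(r"(?P<k>[\w.]+)=(?P<v>.*?)(?=\s[\w.]+=|$)")


def _unescape(value: str) -> str:
    return value.replace(r"\=", "=").replace(r"\|", "|").replace(r"\\", "\\")


def parse_cef(line: str) -> Optional[dict]:
    """Split syslog prefix, CEF header and extension; None if there is no CEF payload."""
    line = line.strip()
    start = line.find("CEF:")
    if start < 0:
        return None
    parts = PIPE_RE.split(line[start:], maxsplit=7)
    if len(parts) != 8:
        return None
    header = {k: _unescape(v) for k, v in zip(HEADER_FIELDS, parts[:7])}
    header["version"] = header["version"][len("CEF:"):]
    ext = {}
    for m in EXT_RE.finditer(parts[7]):
        v = _unescape(m["v"])
        if len(v) >= 2 and v[0] == v[-1] == '"':  # the connector quotes msg; CEF itself does not
            v = v[1:-1]
        ext[m["k"]] = v
    syslog = None
    s = SYSLOG_RE.match(line[:start])
    if s:
        pri = int(s["pri"])  # PRI = facility * 8 + severity
        syslog = {"facility": pri // 8, "severity": pri % 8, "timestamp": s["ts"],
                  "host": s["host"], "app": s["app"], "msgid": s["msgid"]}
    return {"syslog": syslog, "header": header, "ext": ext}


def dns_response(cef: dict) -> dict:
    """Project the DNS-relevant fields into the flat shape a detection rule would query."""
    ext = cef["ext"]
    answer = None
    rr = ext.get("msg", "").split(maxsplit=4)  # "<name> <ttl> <class> <type> <rdata>", per the sample
    if len(rr) == 5 and rr[1].isdigit():
        answer = {"name": rr[0].rstrip("."), "ttl": int(rr[1]), "class": rr[2], "type": rr[3], "rdata": rr[4]}
    return {
        "client": ext.get("src"), "client_port": ext.get("spt"), "server": ext.get("dst"),
        "view": ext.get("InfobloxDNSView"), "qname": ext.get("destinationDnsDomain"),
        "qtype": ext.get("InfobloxDNSQType"), "rcode": ext.get("InfobloxDNSRCode"),
        "answer": answer,
    }


if __name__ == "__main__":
    parsed = parse_cef(SAMPLE_CEF)
    print(parsed["header"])
    print(dns_response(parsed))
```

Note that in the sample the queried name (destinationDnsDomain) and the answer owner name in msg differ; keep both fields rather than assuming one implies the other, since CNAME chains and sanitised samples both produce that shape.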