Overview

InfoBlox is a network security appliance that concentrates on DNS, DHCP and IPAM (IP Address Management), both on premises and in the cloud. Integrating your InfoBlox logs into the Hunters ecosystem stores the data in a parsed format, lets you investigate threat scenarios over it, and provides the related Hunters detections for your tenant.

Supported Data Types

  • InfoBlox NIOS DNS - DNS-related data logged by InfoBlox NIOS on premises (see more details here).

  • InfoBlox One DNS - DNS-related data logged by InfoBlox One in the cloud (see more details here).

Hunters Integration

In order to integrate your InfoBlox NIOS / One logs into Hunters, the logs need to be collected from your network into a storage service (e.g. an S3 bucket or Azure Blob Storage) shared with Hunters. The logs should be collected via syslog (more details here for InfoBlox One and here for InfoBlox NIOS).

The expected log format is the raw message format as exported by InfoBlox. The expected timestamp format is %d-%b-%Y %H:%M:%S.%f, with timestamps in UTC.

InfoBlox NIOS DNS sample:

Feb 8 2022 04:27:59 1.2.3.4 named[16520]: client @0xabcdef123456 1.3.5.7#1234 (domain.to.query.com): query: domain.to.query.com IN A + (7.7.7.7)

InfoBlox One DNS sample:

{'opcode': 0, 'timestamp': 1643830435, 'qname': 'prebid.a-mo.net.', 'qtype': 1, 'qclass': 1, 'source': '', 'qip': '103.111.181.147', 'qport': 51864, 'rip': '', 'rport': -1, 'protocol': 17, 'delay': -1.0, 'rcode': 0, 'type': 1, 'qqr': False, 'qaa': False, 'qtc': False, 'qrd': False, 'qra': False, 'qad': False, 'qcd': False, 'qdo': False, 'rqr': True, 'raa': False, 'rtc': False, 'rrd': True, 'rra': True, 'rad': False, 'rcd': False, 'rdo': False, 'qrr1': None, 'qrr2': None, 'qrr3': None, 'rrr1': None, 'rrr2': None, 'rrr3': None, 'view': '', 'anonymized': False, 'nanosec': 305054531, 'pid': '37695', 'cid': ':61026a6205e5d59656ae996ec3aa1570', 'tid': '', 'ancount': 1, 'nscount': 0, 'arcount': 1, 'username': '', 'region': 'ap-south-1', 'cmac': '', 'extra': {'all_tags': 'APP_Uncategorized,CAT_Web Ads'}, 'version': ''}
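As an added example (not Hunters' or InfoBlox's own code), a small Python parser that normalizes both sample records above into one schema, so the two data types can be searched the same way. The numeric code tables and the reading of the One record's q*/r* fields as query/response header flags are assumptions, not taken from the page.

```python
import ast
import re
from datetime import datetime, timezone

# The two sample records copied from this page, used as test input.
NIOS_SAMPLE = "Feb 8 2022 04:27:59 1.2.3.4 named[16520]: client @0xabcdef123456 1.3.5.7#1234 (domain.to.query.com): query: domain.to.query.com IN A + (7.7.7.7)"
ONE_SAMPLE = "{'opcode': 0, 'timestamp': 1643830435, 'qname': 'prebid.a-mo.net.', 'qtype': 1, 'qclass': 1, 'source': '', 'qip': '103.111.181.147', 'qport': 51864, 'rip': '', 'rport': -1, 'protocol': 17, 'delay': -1.0, 'rcode': 0, 'type': 1, 'qqr': False, 'qaa': False, 'qtc': False, 'qrd': False, 'qra': False, 'qad': False, 'qcd': False, 'qdo': False, 'rqr': True, 'raa': False, 'rtc': False, 'rrd': True, 'rra': True, 'rad': False, 'rcd': False, 'rdo': False, 'qrr1': None, 'qrr2': None, 'qrr3': None, 'rrr1': None, 'rrr2': None, 'rrr3': None, 'view': '', 'anonymized': False, 'nanosec': 305054531, 'pid': '37695', 'cid': ':61026a6205e5d59656ae996ec3aa1570', 'tid': '', 'ancount': 1, 'nscount': 0, 'arcount': 1, 'username': '', 'region': 'ap-south-1', 'cmac': '', 'extra': {'all_tags': 'APP_Uncategorized,CAT_Web Ads'}, 'version': ''}"

# BIND-style query line as emitted by InfoBlox NIOS over syslog (shape of the NIOS sample).
NIOS_QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+named\[\d+\]:\s+client\s+"
    r"(?:@0x[0-9a-fA-F]+\s+)?(?P<client_ip>[0-9a-fA-F.:]+)#(?P<client_port>\d+)\s+"
    r"\((?P<qname>[^)]*)\):\s+query:\s+\S+\s+(?P<qclass>\S+)\s+(?P<qtype>\S+)\s+(?P<flags>\S+)"
    r"(?:\s+\([^)]+\))?\s*$")
# Numeric codes used in the InfoBlox One record (IANA DNS RR types / IP protocol numbers; assumed).
QTYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}
PROTOCOL_NAMES = {6: "TCP", 17: "UDP"}

def parse_nios_dns(line: str) -> dict:
    """Normalize one NIOS named query line (timestamps are UTC, as the page states)."""
    m = NIOS_QUERY_RE.match(line.strip())
    if not m:
        raise ValueError("not a NIOS named query line")
    ts = datetime.strptime(re.sub(r"\s+", " ", m["ts"]), "%b %d %Y %H:%M:%S")
    flags = m["flags"]  # BIND convention: leading '+' = recursion desired, 'T' = query over TCP
    return {
        "timestamp": ts.replace(tzinfo=timezone.utc),
        "client_ip": m["client_ip"],
        "client_port": int(m["client_port"]),
        "qname": m["qname"].rstrip(".").lower(),
        "qtype": m["qtype"],
        "protocol": "TCP" if "T" in flags[1:] else "UDP",
        "recursion_desired": flags.startswith("+"),
    }

def parse_one_dns(record: str) -> dict:
    """Normalize one InfoBlox One DNS record (a Python dict literal, not JSON)."""
    d = ast.literal_eval(record)  # literal_eval copes with the single quotes, True/False and None
    ts = datetime.fromtimestamp(d["timestamp"], tz=timezone.utc)
    return {
        "timestamp": ts.replace(microsecond=d.get("nanosec", 0) // 1000),
        "client_ip": d["qip"],
        "client_port": d["qport"],
        "qname": d["qname"].rstrip(".").lower(),
        "qtype": QTYPE_NAMES.get(d["qtype"], str(d["qtype"])),
        "protocol": PROTOCOL_NAMES.get(d["protocol"], str(d["protocol"])),
        "recursion_desired": bool(d["qrd"]),  # q*/r* read as query/response header bits (assumption)
    }
```

Note that the One record is not JSON (single quotes, Python booleans and None), so json.loads would fail on it as shipped; the NIOS timestamp carries no sub-second part, while the One record splits it across timestamp and nanosec.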