Wider attack surface coverage powered by hundreds of integrations and deeper threat visibility powered by thousands of detections.
Version: Infoblox DDI (DHCP, DNS, and IPAM) with NIOS version 7.0.x and later
Infoblox DDI is a critical technology with DNS, DHCP, IPAM functionalities which provides maximum protection and offers minimum attack surface. Infoblox DDI forwards logs to Netsurion's Open XDR platform via syslog. Netsurion receives DNS, DHCP, and IPAM logs from Infoblox DDI. Netsurion's Open XDR platform Infoblox DDI report provides information about DHCP IP assignment and DHCP IP lease expiration of the systems.
These reports help to track, client's events receiving suspicious responses by the DNS response policy zone.
Dashboards display a graphical representation of the object management, user logon activities, DHCP activities. For e.g. Object management events include, new object (DHCP range, a record, MX record, etc.) creation, existing object modification or deletion.
Alerts are triggered when a user performs any of the following activities: new object creation, old objects modification or deletion, user login fails, etc.
After Infoblox DDI is configured to deliver events to Netsurion, alerts, dashboards, and reports can be configured into Netsurion.
The configuration details are consistent with Netsurion version 9.x and later, and Infoblox DDI with NIOS version 7.0.x and later.
Download Integration Guide and How-to Guide for more information and to configuration instructions.