Version: Infoblox DDI (DHCP, DNS, and IPAM) with NIOS version 7.0.x and later

Infoblox DDI is a critical technology with DNS, DHCP, IPAM functionalities which provides maximum protection and offers minimum attack surface. Infoblox DDI forwards logs to Netsurion Open XDR via syslog. Netsurion Open XDR receives DNS, DHCP, and IPAM logs from Infoblox DDI. Netsurion Open XDR Infoblox DDI report provides information about DHCP IP assignment and DHCP IP lease expiration of the systems.

These reports help to track, client’s events receiving suspicious responses by the DNS response policy zone.

Dashboards display a graphical representation of the object management, user logon activities, DHCP activities. For e.g. Object management events include, new object (DHCP range, a record, MX record, etc.) creation, existing object modification or deletion.

Alerts are triggered when a user performs any of the following activities: new object creation, old objects modification or deletion, user login fails, etc.

  • Security – DNS response policy zone and threat protection logs
  • Operations – System management and DHCP IP assignment
  • Compliance – Object changelogs and user logon activities

After Infoblox DDI is configured to deliver events to Netsurion Open XDR, alerts, dashboards, and reports can be configured into Netsurion Open XDR.

To take advantage of this data source integration and to learn more about alerts, reports, and dashboards, contact your Technical Account Manager (TAM). If you are not currently a Netsurion customer or partner, contact us to learn more.