Infoblox
Version: Infoblox DDI (DHCP, DNS, and IPAM) with NIOS version 7.0.x and later
Infoblox DDI is a core network service that combines DNS, DHCP, and IPAM functionality, designed to provide strong protection while keeping the attack surface small. Infoblox DDI forwards its logs to Netsurion Open XDR via syslog, so Netsurion Open XDR receives DNS, DHCP, and IPAM events from Infoblox DDI. The Netsurion Open XDR Infoblox DDI reports provide information about DHCP IP assignments and DHCP lease expirations for the systems on the network.
These reports also help track client events that received a response from the DNS response policy zone (RPZ), which flags suspicious queries.
Dashboards display a graphical representation of object management, user logon activity, and DHCP activity. For example, object management events include the creation of new objects (DHCP range, A record, MX record, etc.) and the modification or deletion of existing objects.
Alerts are triggered when a user performs any of the following activities: creation of a new object, modification or deletion of an existing object, a failed user login, etc. The alerts, dashboards, and reports fall into three categories:
- Security – DNS response policy zone and threat protection logs
- Operations – System management and DHCP IP assignment
- Compliance – Object change logs and user logon activities
After Infoblox DDI is configured to deliver events to Netsurion Open XDR, the alerts, dashboards, and reports can be configured in Netsurion Open XDR.
The following are the key data source integration components available in Netsurion Open XDR.
Alerts
Type | Name | Description |
---|---|---|
Operations | Infoblox DDI – High CPU Usage Detected | This alert is triggered when the CPU usage is critical. |
Operations | Infoblox DDI – High Disk Usage Detected | This alert is triggered when the disk space usage is critical. |
Operations | Infoblox DDI – High Memory Usage Detected | This alert is triggered when the memory usage is critical. |
Compliance | Infoblox DDI – Object created deleted and modified | This alert is triggered when an object (DHCP range, A record, etc.) is either deleted or modified. |
Compliance | Infoblox DDI – User login failed | This alert is triggered when a user attempts to log in and fails, for example because of an incorrect username or password (when the user logs in from the GUI). |
Reports
Type | Name | Description |
---|---|---|
Security | Infoblox DDI – Threat detection detail | This report provides information related to suspicious URLs detected as DDoS activity, including severity, IP address, port number, etc. |
Security | Infoblox DDI – DNS response policy zone threat detail | This report provides information related to the Infoblox DDI response policy zone rules that handle specific queries, including IP address, port details, severity level, URL, etc. |
Operations | Infoblox DDI – DHCP IP assignment details | This report provides information related to the assignment, release, and expiration of IP addresses leased to systems. It includes the IP address, MAC address, lease duration, and status (assign, renew, release, or expired) fields. |
Operations | Infoblox DDI – DNS query and responses | This report provides information related to client queries and server responses, including IP address, URL, and record type. |
Compliance | Infoblox DDI – Object created deleted and modified | This report provides information related to the creation, deletion, and modification of objects (such as a DHCP range, A record, or MX record). It includes the object type, object name, action, and message (details of the change) fields. |
Compliance | Infoblox DDI – User login allowed | This report provides information related to successful user logins and logouts. It includes the device address, username, group name, source address, console type, logon status, reason, and authentication type fields. |
Compliance | Infoblox DDI – User login failed | This report provides information related to failed user logins. It includes the device address, username, group name, source address, console type, logon status, reason, and authentication type fields. |
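The DHCP IP assignment details report above reduces lease traffic to the four statuses assign, renew, release, and expired. The following is an added example, not Netsurion's or Infoblox's own parser, showing how such a status can be derived from syslog lines; it assumes the ISC dhcpd message style (DHCPACK/DHCPRELEASE/DHCPEXPIRE) that NIOS forwards, and the log lines are constructed for the example.

```python
import re

# Constructed sample syslog lines in ISC dhcpd message style (assumed format
# for Infoblox NIOS DHCP logging; hostnames, addresses and MACs are made up).
SAMPLE_LOG = """\
Jun 10 09:15:01 nios-01 dhcpd[2001]: DHCPACK on 10.20.30.40 to aa:bb:cc:dd:ee:01 (lab-pc) via eth1
Jun 10 09:15:02 nios-01 dhcpd[2001]: DHCPACK on 10.20.30.41 to aa:bb:cc:dd:ee:02 via eth1
Jun 10 13:15:01 nios-01 dhcpd[2001]: DHCPACK on 10.20.30.40 to aa:bb:cc:dd:ee:01 (lab-pc) via eth1
Jun 10 14:00:00 nios-01 dhcpd[2001]: DHCPRELEASE of 10.20.30.41 from aa:bb:cc:dd:ee:02 via eth1 (found)
Jun 10 21:15:01 nios-01 dhcpd[2001]: DHCPEXPIRE on 10.20.30.40 to aa:bb:cc:dd:ee:01
Jun 10 21:16:00 nios-01 dhcpd[2001]: DHCPDISCOVER from aa:bb:cc:dd:ee:03 via eth1
"""

# Only the three messages that change lease state are of interest; DISCOVER,
# OFFER and REQUEST are part of the handshake and carry no lease outcome.
LEASE_RE = re.compile(
    r"dhcpd\[\d+\]: (?P<msg>DHCPACK|DHCPRELEASE|DHCPEXPIRE) "
    r"(?:on|of) (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"(?:to|from) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
)


def lease_events(log_text):
    """Return (ip, mac, status) tuples with status assign/renew/release/expired."""
    active = {}  # ip -> mac for leases currently held, built as lines are read
    events = []
    for line in log_text.splitlines():
        m = LEASE_RE.search(line)
        if not m:
            continue
        ip, mac, msg = m["ip"], m["mac"], m["msg"]
        if msg == "DHCPACK":
            # An ACK for a MAC that already holds this IP is a renewal; an ACK
            # for a new IP, or a different MAC on the same IP, is an assignment.
            status = "renew" if active.get(ip) == mac else "assign"
            active[ip] = mac
        elif msg == "DHCPRELEASE":
            status = "release"
            active.pop(ip, None)
        else:  # DHCPEXPIRE
            status = "expired"
            active.pop(ip, None)
        events.append((ip, mac, status))
    return events


if __name__ == "__main__":
    for ip, mac, status in lease_events(SAMPLE_LOG):
        print(f"{ip:<14} {mac} {status}")
```

Note that the assign/renew distinction depends on state seen earlier in the stream, so a collector that restarts mid-day will report the first ACK after the restart as an assignment.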
Documentation
The configuration details are consistent with Netsurion Open XDR 9.x and later, and with Infoblox.
Download the Integration Guide and How-to Guide for configuration instructions and more information.