Release history for the Splunk Add-on for Infoblox
The latest version of the Splunk Add-on for Infoblox is version 2.2.0. See Release notes for the Splunk Add-on for Infoblox for the release notes of this latest version.
Version 2.1.0
Version 2.1.0 of the Splunk Add-on for Infoblox was released on November 10, 2021.
Compatibility
Version 2.0.1 of the Splunk Add-on for Infoblox is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.1.x, 8.2.x |
CIM | 4.20.2 |
Platforms | Platform independent |
Vendor Products | NIOS 8.4.x, 8.5.2 |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 2.1.0 of the Splunk Add-on for Infoblox contains the following new features:
- Added support for Infoblox NIOS v8.5.2
- CIM mapping and enhancements:
  - The add-on now extracts the 'dns_view' field for DNS response logs under the 'infoblox:dns' sourcetype.
  - Audit logs generated when a user account is unlocked in Infoblox are now mapped to the Change.Account_Management data model.
  - Log events generated when network entities like DnsView, AtpProfile, NSGroup, ARecord, ResponsePolicyZone are created or modified are now mapped to the Change:Network_Changes data model.
  - Extracted new CIM field 'user_name' for events mapped to the Change data model.
- Added support for CIM 4.20.2
- Removed support for Splunk 7.x and 8.0.
Fixed issues
Version 2.1.0 of the Splunk Add-on for Infoblox fixes the following issues:
Known issues
Version 2.1.0 of the Splunk Add-on for Infoblox fixes the following issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions
Version 2.1.0 of the Splunk Add-on for Infoblox does not incorporate any third-party software or libraries.
Version 2.0.1
Version 2.0.1 of the Splunk Add-on for Infoblox was released on April 19, 2021.
Compatibility
Version 2.0.1 of the Splunk Add-on for Infoblox is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 7.2.x, 7.3.x, 8.0.x, 8.1.x |
CIM | 4.17 |
Platforms | Platform independent |
Vendor Products | NIOS 8.4.x |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 2.0.1 of the Splunk Add-on for Infoblox contains the following new features:
- Added `dhcp` CIM tag for the `DHCPACK` and `DHCPRELEASE` events
Fixed issues
Version 2.0.1 of the Splunk Add-on for Infoblox fixes the following issues:
Known issues
Version 2.0.1 of the Splunk Add-on for Infoblox fixes the following issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions
Version 2.0.1 of the Splunk Add-on for Infoblox does not incorporate any third-party software or libraries.
Version 2.0.0
Version 2.0.0 of the Splunk Add-on for Infoblox was released on October 20, 2020.
Compatibility
Version 2.0.0 of the Splunk Add-on for Infoblox is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 7.2.x, 7.3.x, 8.0.x |
CIM | 4.17 |
Platforms | Platform independent |
Vendor Products | NIOS 8.4.x |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 2.0.0 of the Splunk Add-on for Infoblox contains the following new features:
- Support for Infoblox NIOS v8.4.4.
- Support for Splunk Connect for Syslog.
- Audit logs support for Infoblox NIOS version 8.4.4
- The following Common Information Model (CIM) compatibility enhancements:
  - Improved event type definition to map events to the CIM data models.
  - Removed the `dest_category` and `src_category` field extraction from the DHCP events since these fields are automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security.
  - Replaced `src`, `src_ip`, `src_mac` and `src_nt_host` fields with `dest`, `dest_ip`, `dest_mac`, and `dest_nt_host` fields respectively for the DHCP events. `src*` fields are not applicable to DHCP events.
  - Updated action field extraction for the following DHCP events:

DHCP Event | Action value | Description |
---|---|---|
DHCPACK | added | The DHCPACK event notifies that the client is added to the network. |
DHCPRELEASE | blocked | A client to server message. Indicates that the client gives up use of the network address and cancels the remaining time on the lease. |
DHCPNAK | blocked | A server to client negative acknowledgment. Indicates that the client's understanding of the network address is incorrect (for example, if the client has moved to a new subnet), or a client's lease has expired. |
Fixed issues
Version 2.0.0 of the Splunk Add-on for Infoblox fixes the following issues:
Known issues
Version 2.0.0 of the Splunk Add-on for Infoblox fixes the following issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions
Version 2.0.0 of the Splunk Add-on for Infoblox does not incorporate any third-party software or libraries.
Version 1.1.0
Version 1.1.0 of the Splunk Add-on for Infoblox was released on November 2, 2018.
Compatibility
Version 1.1.0 of the Splunk Add-on for Infoblox is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2, 8.0 |
CIM | 4.11 |
Platforms | Platform independent |
Vendor Products | NIOS 6.10, NIOS 8.x |
New features
- Support for the NIOS 8.x log format
- The new sourcetype `infoblox:threatprotect` supports the threat-protect event log of NIOS-8.x
- Existing sourcetype `infoblox:dns` now supports RPZ QNAME messages
Fixed issues
Version 1.1.0 of the Splunk Add-on for Infoblox fixes the following issues:
Known issues
Version 1.1.0 of the Splunk Add-on for Infoblox fixes the following issues. If no issues appear below, no issues have yet been reported:
Date filed | Issue number | Description |
---|---|---|
2020-02-10 | ADDON-25223 | Splunk_TA_infoblox is not extracting the dns_rpz_query and dns_rpz_response_query field properly. Workaround: Edit the infoblox_dns_rpz_qname_fields transforms as shown below. |

Before:

```
[infoblox_dns_rpz_qname_fields]
REGEX = rpz\s+(\w+)\s+\w+\s+\w+\s+([\w\.]+)\s+\[\w+\]\s+via\s+([\w\.]+)
SOURCE_KEY = named_message
FORMAT = rpz_policy_trigger::$1 dns_rpz_query::$2 dns_rpz_reponse_query::$3
```

After:

```
[infoblox_dns_rpz_qname_fields]
REGEX = rpz\s+(\w+)\s+\w+\s+\w+\s+([\w\-\.]+)\s+\[\w+\]\s+via\s+([\w\.]+)
SOURCE_KEY = named_message
FORMAT = rpz_policy_trigger::$1 dns_rpz_query::$2 dns_rpz_reponse_query::$3
```
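An added example, not part of the add-on or of Splunk's documentation: it runs the Before and After expressions from the ADDON-25223 workaround over two constructed `named_message` values and reports which fields each one extracts. Python's `re` module stands in for Splunk's regex engine here; the sample messages and the helper names (`extract`, `compare`, `audit`) are assumptions.

```python
import re

# Expressions copied from the [infoblox_dns_rpz_qname_fields] stanza on this page.
BEFORE = r"rpz\s+(\w+)\s+\w+\s+\w+\s+([\w\.]+)\s+\[\w+\]\s+via\s+([\w\.]+)"
AFTER = r"rpz\s+(\w+)\s+\w+\s+\w+\s+([\w\-\.]+)\s+\[\w+\]\s+via\s+([\w\.]+)"

# Field names in FORMAT order ($1, $2, $3), spelled exactly as in the stanza.
FIELDS = ("rpz_policy_trigger", "dns_rpz_query", "dns_rpz_reponse_query")

# Constructed named_message values shaped to fit the stanza's REGEX.
# They are illustrative, not captured NIOS output.
SAMPLES = [
    "rpz QNAME NXDOMAIN rewrite malware.example.com [A] "
    "via malware.example.com.rpz.local",
    "rpz QNAME NXDOMAIN rewrite bad-site.example.com [A] "
    "via bad-site.example.com.rpz.local",
]


def extract(pattern, named_message):
    """Mimic a REGEX/FORMAT transform: field dict on match, {} otherwise."""
    m = re.search(pattern, named_message)
    return dict(zip(FIELDS, m.groups())) if m else {}


def compare(named_message):
    """Extract with both expressions so the results can be put side by side."""
    return {"before": extract(BEFORE, named_message),
            "after": extract(AFTER, named_message)}


def audit(samples):
    """List fields that are missing or differ from the raw whitespace token."""
    findings = []
    for msg in samples:
        tokens = msg.split()
        # Token 4 is the queried name; the last token follows "via".
        expected = {"dns_rpz_query": tokens[4],
                    "dns_rpz_reponse_query": tokens[-1]}
        for label, fields in compare(msg).items():
            for name, want in expected.items():
                got = fields.get(name)
                if got != want:
                    findings.append((label, name, want, got))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

On the hyphenated sample the Before expression matches nothing, so none of the three fields is extracted. The After expression extracts the full `dns_rpz_query`, but its third capture group is still `[\w\.]+` and stops at the first hyphen of the name after `via`.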
Third-party software attributions
Version 1.1.0 of the Splunk Add-on for Infoblox does not incorporate any third-party software or libraries.
Version 1.0.2
Splunk platform versions | 6.3 or later |
CIM | 4.3 or later |
Platforms | Platform independent |
Vendor Products | Infoblox NIOS 6.10 |
Fixed issues
Version 1.0.2 of the Splunk Add-on for Infoblox fixes the following issues.
Date | Issue number | Description |
---|---|---|
2016-07-01 | ADDON-7931 | The Add-on doesn't provide all the fields required by CIM Network Resolution (DNS) data model. The fields such as answer, query, dest are not mapped and extracted. |
2016-06-23 | ADDON-9979 | Incorrect regex of the action field in sourcetype `infoblox:dhcp`. |
2016-06-21 | ADDON-7032 | The src_ip and dest_ip are not correct in DHCPREQUEST, DHCPINFORM, DHCPRELEASE message. |
Known issues
Version 1.0.2 of the Splunk Add-on for Infoblox contains no known issues.
Third-party software attributions
Version 1.0.2 of the Splunk Add-on for Infoblox does not incorporate any third-party software or libraries.
Version 1.0.1
Version 1.0.1 of the Splunk Add-on for Infoblox has the same compatibility specifications as version 1.0.2.
Fixed issues
Resolved date | Defect number | Description |
---|---|---|
2015-11-02 | ADDON-6305 | Errors in eventgen. |
Known issues
Version 1.0.1 of the Splunk Add-on for Infoblox contains no known issues.
Version 1.0.0
Version 1.0.0 of the Splunk Add-on for Infoblox has the same compatibility specifications as version 1.0.1.
New features
Version 1.0.0 of the Splunk Add-on for Infoblox had the following new features.
Date | Issue number | Description |
---|---|---|
2015-08-31 | ADDON-1370 | Create a new add-on for Infoblox NIOS. |
Known issues
Version 1.0.0 of the Splunk Add-on for Infoblox contained no known issues.
Third-party software attributions
Version 1.0.0 of the Splunk Add-on for Infoblox does not incorporate any third-party software or libraries.
This documentation applies to the following versions of Splunk® Supported Add-ons: released