Splunk® Supported Add-ons

Splunk Add-on for Infoblox

Sourcetypes for the Splunk Add-on for Infoblox

The Splunk Add-on for Infoblox includes the following source types and event types, which map the data to the Splunk Common Information Model (CIM).

Sourcetype: infoblox:dns
Event type: infoblox_dns
Event example: Sep 8 20:06:59 6.81.19.167 named[31744]: client 176.100.249.224#37785 (ppm.company.com): query: ppm.company.com IN A + (213.133.39.45)
CIM data models: Network Resolution (DNS)

Sourcetype: infoblox:dns
Event type: infoblox_dns_change
Event example: Sep 8 20:03:27 12.15.29.40 named[26980]: client 160.255.250.11#33897/key dhcp_updater_default: updating zone '106.10.in-addr.arpa/IN': adding an RR at '157.164.98.58.in-addr.arpa' PTR
CIM data models: Change Analysis

Sourcetype: infoblox:dns
Event type: infoblox_dnz_rpz
Event example: 2017-03-13T09:48:30-07:00 10.1.1.20 named[15798]: CEF:0|Infoblox|NIOS|7.3.9-343507|RPZ-QNAME|PASSTHRU|4|app=DNS dst=10.0.1.10 src=10.0.1.20 spt=55555 view=_default qtype=A msg="rpz QNAME PASSTHRU rewrite z.zzz.com [A] via a.aaa.com"
CIM data models: Network Resolution (DNS), Alerts

Sourcetype: infoblox:dhcp
Event type: infoblox_dhcp
Event example: Sep 8 20:06:30 156.144.4.154 dhcpd[12508]: DHCPOFFER on 220.219.156.13 to 09:bf:58:10:04:09 (SCOTRL1-VM8) via eth1 relay 194.93.83.7 lease-duration 120
CIM data models: Network Sessions (DHCP)

Sourcetype: infoblox:dhcp
Event type: infoblox_session_start
Event example: Sep 8 20:06:20 127.210.157.182 dhcpd[12508]: DHCPREQUEST for 170.105.14.172 (34.91.68.68) from ec:d5:3d:f3:d9:3a via 53.58.111.245 (RENEW)
CIM data models: Network Sessions (Session Start)

Sourcetype: infoblox:dhcp
Event type: infoblox_session_end
Event example: Sep 8 20:04:29 1.80.36.233 dhcpd[12508]: DHCPRELEASE of 131.131.197.150 from cc:88:11:55:78:f3 via eth1 (found)
CIM data models: Network Sessions (Session End)

Sourcetype: infoblox_threatprotect
Event type: infoblox_threatprotect
Event example: 2017-11-24T12:31:31-08:00 111.111.111.111 threat-protect-log[9346]: adp: CEF:0|Infoblox|NIOS Threat|8.2.1-359366|200001105|DROP NTP TIME requests|4|src=111.222.333.444 spt=123 dst=111.222.333.444 dpt=123 act="DROP" cat="NTP" nat=0 nfpt=0 nlpt=0 fqdn=NA hit_count=1
CIM data models: Intrusion Detection


This documentation applies to the following versions of Splunk® Supported Add-ons: released

