Splunk® Supported Add-ons

Splunk Add-on for Infoblox


Release history for the Splunk Add-on for Infoblox

The latest version of the Splunk Add-on for Infoblox is version 2.2.0. See Release notes for the Splunk Add-on for Infoblox for the release notes of this latest version.

Version 2.1.0

Version 2.1.0 of the Splunk Add-on for Infoblox was released on November 10, 2021.

Compatibility

Version 2.0.1 of the Splunk Add-on for Infoblox is compatible with the following software, CIM versions, and platforms.

Splunk platform versions | 8.1.x, 8.2.x
CIM | 4.20.2
Platforms | Platform independent
Vendor Products | NIOS 8.4.x, 8.5.2


The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 2.1.0 of the Splunk Add-on for Infoblox contains the following new features:

  • Added support for Infoblox NIOS v8.5.2.
  • CIM mapping and enhancements:
    • The add-on now extracts the 'dns_view' field for DNS response logs under the 'infoblox:dns' sourcetype.
    • Audit logs generated when a user account is unlocked in Infoblox are now mapped to the Change.Account_Management data model.
    • Log events generated when network entities such as DnsView, AtpProfile, NSGroup, ARecord, and ResponsePolicyZone are created or modified are now mapped to the Change:Network_Changes data model.
    • Extracted the new CIM field 'user_name' for events mapped to the Change data model.
  • Added support for CIM 4.20.2.
  • Removed support for Splunk 7.x and 8.0.

Fixed issues

Version 2.1.0 of the Splunk Add-on for Infoblox fixes the following issues:

Known issues

Version 2.1.0 of the Splunk Add-on for Infoblox has the following known issues. If no issues appear below, no issues have yet been reported:

Third-party software attributions

Version 2.1.0 of the Splunk Add-on for Infoblox does not incorporate any third-party software or libraries.


Version 2.0.1

Version 2.0.1 of the Splunk Add-on for Infoblox was released on April 19, 2021.

Compatibility

Version 2.0.1 of the Splunk Add-on for Infoblox is compatible with the following software, CIM versions, and platforms.

Splunk platform versions | 7.2.x, 7.3.x, 8.0.x, 8.1.x
CIM | 4.17
Platforms | Platform independent
Vendor Products | NIOS 8.4.x


The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 2.0.1 of the Splunk Add-on for Infoblox contains the following new features:


  • Added dhcp CIM tag for the DHCPACK and DHCPRELEASE events

Fixed issues

Version 2.0.1 of the Splunk Add-on for Infoblox fixes the following issues:

Known issues

Version 2.0.1 of the Splunk Add-on for Infoblox has the following known issues. If no issues appear below, no issues have yet been reported:

Third-party software attributions

Version 2.0.1 of the Splunk Add-on for Infoblox does not incorporate any third-party software or libraries.

Version 2.0.0

Version 2.0.0 of the Splunk Add-on for Infoblox was released on October 20, 2020.

Compatibility

Version 2.0.0 of the Splunk Add-on for Infoblox is compatible with the following software, CIM versions, and platforms.

Splunk platform versions | 7.2.x, 7.3.x, 8.0.x
CIM | 4.17
Platforms | Platform independent
Vendor Products | NIOS 8.4.x


The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 2.0.0 of the Splunk Add-on for Infoblox contains the following new features:

  • Support for Infoblox NIOS v8.4.4.
  • Support for Splunk Connect for Syslog.
  • Audit logs support for Infoblox NIOS version 8.4.4
  • The following Common Information Model (CIM) compatibility enhancements:
    • Improved event type definition to map events to the CIM data models.
    • Removed the dest_category and src_category field extraction from the DHCP events since these fields are automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security.
    • Replaced src, src_ip, src_mac and src_nt_host fields with dest, dest_ip, dest_mac, and dest_nt_host fields respectively for the DHCP events. src* fields are not applicable to DHCP events.
    • Updated action field extraction for the following DHCP events:
      DHCP Event | Action value | Description
      DHCPACK | added | The DHCPACK event notifies that the client is added to the network.
      DHCPRELEASE | blocked | A client to server message. Indicates that the client gives up use of the network address and cancels the remaining time on the lease.
      DHCPNAK | blocked | A server to client negative acknowledgment. Indicates that the client's understanding of the network address is incorrect (for example, if the client has moved to a new subnet), or a client's lease has expired.

Fixed issues

Version 2.0.0 of the Splunk Add-on for Infoblox fixes the following issues:

Known issues

Version 2.0.0 of the Splunk Add-on for Infoblox has the following known issues. If no issues appear below, no issues have yet been reported:

Third-party software attributions

Version 2.0.0 of the Splunk Add-on for Infoblox does not incorporate any third-party software or libraries.

Version 1.1.0

Version 1.1.0 of the Splunk Add-on for Infoblox was released on November 2, 2018.

Compatibility

Version 1.1.0 of the Splunk Add-on for Infoblox is compatible with the following software, CIM versions, and platforms.

Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2, 8.0
CIM | 4.11
Platforms | Platform independent
Vendor Products | NIOS 6.10, NIOS 8.x

New features

  • Support for the NIOS 8.x log format
  • The new sourcetype infoblox:threatprotect supports the threat-protect event log of NIOS-8.x
  • Existing sourcetype infoblox:dns now supports RPZ QNAME messages

Fixed issues

Version 1.1.0 of the Splunk Add-on for Infoblox fixes the following issues:


Known issues

Version 1.1.0 of the Splunk Add-on for Infoblox has the following known issues. If no issues appear below, no issues have yet been reported:


Date filed | Issue number | Description
2020-02-10 | ADDON-25223 | Splunk_TA_infoblox is not extracting the dns_rpz_query and dns_rpz_response_query fields properly.

Workaround:
Edit the infoblox_dns_rpz_qname_fields transform as shown below:

Before:

[infoblox_dns_rpz_qname_fields]
REGEX = rpz\s+(\w+)\s+\w+\s+\w+\s+([\w\.]+)\s+\[\w+\]\s+via\s+([\w\.]+)
SOURCE_KEY = named_message
FORMAT = rpz_policy_trigger::$1 dns_rpz_query::$2 dns_rpz_reponse_query::$3

After:

[infoblox_dns_rpz_qname_fields]
REGEX = rpz\s+(\w+)\s+\w+\s+\w+\s+([\w\-\.]+)\s+\[\w+\]\s+via\s+([\w\.]+)
SOURCE_KEY = named_message
FORMAT = rpz_policy_trigger::$1 dns_rpz_query::$2 dns_rpz_reponse_query::$3
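
The effect of this workaround on hyphenated domain names, as an added example that is not part of the add-on or the original page. It also shows that the third capture group, which the workaround leaves unchanged, stops at the first hyphen in these samples. Assumptions: Python's re module stands in for Splunk's regex engine, and the named_message values are constructed to fit the pattern rather than taken from NIOS.

```python
import re

# Both patterns are copied from the infoblox_dns_rpz_qname_fields stanza above.
BEFORE = re.compile(
    r"rpz\s+(\w+)\s+\w+\s+\w+\s+([\w\.]+)\s+\[\w+\]\s+via\s+([\w\.]+)")
AFTER = re.compile(
    r"rpz\s+(\w+)\s+\w+\s+\w+\s+([\w\-\.]+)\s+\[\w+\]\s+via\s+([\w\.]+)")

# Field names in capture-group order, spelled as in the FORMAT line.
FIELDS = ("rpz_policy_trigger", "dns_rpz_query", "dns_rpz_reponse_query")

# Constructed named_message values (not real NIOS output), shaped to fit the
# regex; the example.com names are placeholders.
SAMPLES = {
    "plain": "rpz QNAME NXDOMAIN rewrite badhost.example.com [A] "
             "via badhost.example.com.rpz.example",
    "hyphen": "rpz QNAME NXDOMAIN rewrite bad-host.example.com [A] "
              "via bad-host.example.com.rpz.example",
}


def extract(pattern, named_message):
    """Return the fields the transform would emit, or None on no match."""
    m = pattern.search(named_message)
    return dict(zip(FIELDS, m.groups())) if m else None


def audit(pattern, named_message):
    """Classify an extraction as 'ok', 'no_match' or 'truncated'.

    'truncated' means the last capture stopped in the middle of a
    whitespace-delimited token, so the extracted value is incomplete.
    """
    m = pattern.search(named_message)
    if m is None:
        return "no_match"
    rest = named_message[m.end(3):]
    return "truncated" if rest and not rest[0].isspace() else "ok"


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        for label, pat in (("before", BEFORE), ("after", AFTER)):
            print(name, label, audit(pat, msg), extract(pat, msg))
```

An event classified as no_match yields none of the three fields, so searches that filter on rpz_policy_trigger or dns_rpz_query miss it.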

Third-party software attributions

Version 1.1.0 of the Splunk Add-on for Infoblox does not incorporate any third-party software or libraries.


Version 1.0.2

Splunk platform versions | 6.3 or later
CIM | 4.3 or later
Platforms | Platform independent
Vendor Products | Infoblox NIOS 6.10

Fixed issues

Version 1.0.2 of the Splunk Add-on for Infoblox fixes the following issues.

Date | Issue number | Description
2016-07-01 | ADDON-7931 | The add-on doesn't provide all the fields required by the CIM Network Resolution (DNS) data model. Fields such as answer, query, and dest are not mapped and extracted.
2016-06-23 | ADDON-9979 | Incorrect regex of the action field in sourcetype infoblox:dhcp.
2016-06-21 | ADDON-7032 | The src_ip and dest_ip are not correct in DHCPREQUEST, DHCPINFORM, and DHCPRELEASE messages.

Known issues

Version 1.0.2 of the Splunk Add-on for Infoblox contains no known issues.

Third-party software attributions

Version 1.0.2 of the Splunk Add-on for Infoblox does not incorporate any third-party software or libraries.


Version 1.0.1

Version 1.0.1 of the Splunk Add-on for Infoblox has the same compatibility specifications as version 1.0.2.

Fixed issues

Resolved date | Defect number | Description
2015-11-02 | ADDON-6305 | Errors in eventgen.

Known issues

Version 1.0.1 of the Splunk Add-on for Infoblox contains no known issues.

Version 1.0.0

Version 1.0.0 of the Splunk Add-on for Infoblox has the same compatibility specifications as version 1.0.1.

New features

Version 1.0.0 of the Splunk Add-on for Infoblox had the following new features.

Date | Issue number | Description
2015-08-31 | ADDON-1370 | Create a new add-on for Infoblox NIOS.

Known issues

Version 1.0.0 of the Splunk Add-on for Infoblox contained no known issues.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for Infoblox does not incorporate any third-party software or libraries.

Last modified on 06 October, 2022

This documentation applies to the following versions of Splunk® Supported Add-ons: released

