Overview
Blumira’s integration with Infoblox lets you send event data from Infoblox directly to your Blumira sensor, so you can centralize logs and use Blumira’s security insight to detect and respond to threats.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- In the Overview section, next to Host Details, copy the IP address.
Configuring Syslog Forwarding in Infoblox
Follow the steps from Infoblox in Configuring Syslog Forwarding to begin sending logs to the Blumira Sensor.
Provide the Blumira sensor information when setting up your syslog server:
- IP address of the Blumira sensor
- Port number 514
Important: When configuring Infoblox syslog for Blumira, select individual log categories instead of sending all events. If you send all events, the integration will provide limited visibility into your Infoblox logs, because an additional header is added that affects how the logs are parsed.