Depending on your business needs, you can configure Data Connector traffic flows to send and receive data. The Data Connector collects the specified data and converts it into a specific data format before sending it to the supported destinations.
For the Data Connector to function properly, you must define the type of data and the source from which the Data Connector collects data, as well as the destination to which the Data Connector transfers the data. You can create different traffic flows for different purposes. For example, you can create a traffic flow for the Data Connector to collect DNS query and response data from a NIOS appliance and send the data to the NIOS Reporting Server. You can create another traffic flow for the same Data Connector to collect threat feeds and custom hits from BloxOne Threat Defense Cloud and send the data to Splunk.
Note
Before you configure traffic flows for the Data Connector, you must first enable the Data Connector service on the on-prem host, and then set up sources and destinations that you want to use in the traffic flows. For more information, see Configuring Sources and Configuring Destinations.
Supported Traffic Flows
The following table lists the sources, the corresponding data types, and destinations that the Data Connector supports:
Sources | Data Types | Format | Destinations |
---|---|---|---|
NIOS | | For generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported. For Splunk and Splunk Cloud, Infoblox Legacy and Splunk CIM formats are supported. For NIOS Reporting, CSV format is supported. For Threat Insight, parquet files via gRPC streaming are supported. Note: Only one traffic flow is supported for the Syslog/Splunk/Splunk Cloud/NIOS Reporting destination. | |
NIOS | | Parquet files via gRPC streaming | BloxOne Threat Defense Cloud |
BloxOne Threat Defense Cloud | Streaming of data is close to real time. | For generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported. For Splunk and Splunk Cloud, Infoblox Legacy and Splunk CIM formats are supported. For NIOS Reporting, CSV format is supported. | |
BloxOne DDI | | For generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported. For Splunk and Splunk Cloud, Infoblox Legacy and Splunk CIM formats are supported. For NIOS Reporting, CSV format is supported. Note: Only one traffic flow is supported for the Syslog/Splunk/Splunk Cloud/NIOS Reporting destination. | |
BloxOne DDI | | For generic syslog, CEF (Common Event Format) and LEEF (Log Event Extended Format) are supported. DHCP enriched logs, including certain metadata, are sent in CEF and LEEF format. For Splunk and Splunk Cloud, Infoblox Legacy and Splunk CIM formats are supported. | |
Viewing Traffic Flows
To view traffic flows for the Data Connector, complete the following:
- Log in to the Cloud Services Portal.
- Go to Manage -> Data Connector.
- Select the Traffic Flow Configuration tab. The Cloud Services Portal displays the following for all the traffic flow configurations:
  - NAME: The name of the source configuration.
  - DESCRIPTION: The information about the source configuration.
  - SOURCE: The filter criterion for the source process.
  - DESTINATION: The destination for the traffic flow.
  - ETL CONFIGURATION: Description of the ETL configuration type.
  - CDC INSTANCE: The name of the CDC instance.
  - STATE: Describes whether the configuration is Enabled or Disabled.
For additional information on configuring traffic flows in data connector, see the following: