External Systems Configuration Guide

Infoblox DNS/DHCP

What is Discovered and Monitored

Protocol: SNMP
Information discovered: Host Name, Hardware model, Serial number, Network Interfaces, Running processes, Installed software
Metrics collected: System CPU utilization, Memory utilization, Disk usage, Disk I/O
Used for: Performance Monitoring

Protocol: SNMP
Metrics collected: Process level CPU utilization, Memory utilization

Protocol: SNMP
Metrics collected:
  Zone Transfer metrics: For each zone: DNS Responses Sent, Failed DNS Queries, DNS Referrals, Non-existent DNS Record Queries, DNS Non-existent Domain Queries, Recursive DNS Query Received
  DNS Cluster Replication metrics: DNS Replication Queue Status, Sent Queue From Master, Last Sent Time From Master, Sent Queue To Master, Last Sent Time To Master
  DNS Performance metrics: NonAuth DNS Query Count, NonAuth Avg DNS Latency, Auth DNS Query Count, Auth Avg DNS Latency, Invalid DNS Port Response, Invalid DNS TXID Response
  DHCP Performance metrics: Discovers/sec, Requests/Sec, Releases/Sec, Offers/sec, Acks/sec, Nacks/sec, Declines/sec, Informs/sec
  DDNS Update metrics: DDNS Update Success, DDNS Update Fail, DDNS Update Reject, DDNS Prereq Update Reject, DDNS Update Latency, DDNS Update Timeout
  DHCP subnet usage metrics: For each DHCP Subnet (addr, mask) - percent used
Used for: Security Monitoring and compliance

Protocol: SNMP
Metrics collected: Hardware status
Used for: Availability monitoring

Protocol: SNMP Trap
Metrics collected: Hardware failures, Software failures
Used for: Availability monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "infoblox" to see the event types associated with this device. 

Reports

In RESOURCES > Reports, search for "infoblox" in the main content panel Search... field to see the reports associated with this application or device. 

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.  

SNMP Trap

FortiSIEM processes events from this device via SNMP traps sent by the device. Configure the device to send SNMP traps to FortiSIEM as directed in the device's product documentation, and FortiSIEM will parse the contents.

Settings for Access Credentials

SNMP Access Credentials for All Devices

Use these Access Method Definition settings to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

Setting            Value
Name               <set name>
Device Type        Generic
Access Protocol    SNMP
Community String   <your own>
