Infoblox

Infoblox ingests and normalizes logs from Infoblox's DDI (DNS, DHCP, and IPAM) services in Logpoint. Once ingested, you can explore and analyze the data using Logpoint's search capabilities and available analytics for this integration, including dashboards and alerts. This gives you clear visibility into DNS operations, DHCP activity, authentication events, and system operations, enabling faster detection, compliance, and response.

The integration includes:

• Syslog Collector to retrieve raw logs from Infoblox devices and ingest them into Logpoint for processing.

• Syslog Parser to extract key fields from raw Infoblox logs.

• InfobloxNormalizer to convert the parsed logs into a standardized format for consistent analysis across Logpoint.

• Dashboard packages (LP_InfoBlox - Operational, LP_Infoblox - DHCP, LP_Infoblox - DNS), which provide a graphical and interactive overview of Infoblox activities, highlighting patterns including DHCP lease assignments, DNS query trends, authentication failures, and zone transfers. It allows you to quickly spot unusual behavior, monitor compliance, and track operational changes over time.

• Alert packages (LP_Infoblox Key Authentication Fail, LP_Infoblox Scheduled Backup Fail, LP_Infoblox User Login Fail, LP_Infoblox Zone Update Fail) that notify you about critical security and operational events, including authentication failures, backup failures, and DNS zone update issues. They enable faster incident response and help you maintain compliance with internal or regulatory security requirements.