
dns.infoblox

Introduction

The tags beginning with dns.infoblox identify events generated by DNS services belonging to Infoblox.

Valid tags and data tables 

The full tag must have at least 3 levels. The first two are fixed as dns.infoblox. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Infoblox | dns.infoblox.bloxonethreatdefense.threats | dns.infoblox.bloxonethreatdefense.threats |
| Infoblox | dns.infoblox.response | dns.infoblox.response |

For more information, see About Devo tags.

Table structure

These are the fields displayed in these tables:

dns.infoblox.bloxonethreatdefense.threats

| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| host | str | vhost | |
| category | str | | |
| confidence | str | | |
| country | str | | |
| device | str | | |
| dhcp_fingerprint | str | | |
| event_time | timestamp | | |
| feed_name | str | | |
| feed_type | str | | |
| mac_address | mac | | |
| network | str | | |
| os_version | str | | |
| policy_name | str | | |
| private_ip | ip4 | | |
| qip | ip4 | | |
| qname | str | | |
| qtype | str | | |
| rcode | str | | |
| rdata | ip4 | | |
| rip | ip4 | | |
| severity | str | | |
| tclass | str | | |
| threat_indicator | str | | |
| tproperty | str | | |
| user | str | | |
| hostchain | str | | ✓ |
| tag | str | | ✓ |
| rawMessage | str | | ✓ |

dns.infoblox.response

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| host | str | | vhost | |
| event_type | str | | | |
| IP | ip4 | | | |
| port | int4 | | | |
| info | str | | | |
| DNS_view | str | | | |
| DNS_transfer_of | str | | | |
| DNS_zone | str | | | |
| DNS_zone_transfer | str | | | |
| DNS_update | str | | | |
| protocol | str | | | |
| queried_domain | str | | | |
| class | str | | | |
| type | str | | | |
| recursion | str | | | |
| rcode | str | | | |
| flags | str | | | |
| RR | str | join(RR_list, ";") | RR_list | |
| server_ip | ip4 | | | |
| server_name | str | | | |
| msg | str | | | |
| serverdate | timestamp | | | |
| unknown | str | | | |
| rawMessage | str | | rawSource | ✓ |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |