NIOS RPZ feed recommendations to use after the feed revamp release in January 2025.
...
Feed Availability

Feed Name | Essentials | Business On-Prem | Advanced |
---|---|---|---|
Infoblox Base | ✔ | ✔ | ✔ |
Infoblox Base IP | NA | ✔ | ✔ |
Infoblox High Risk | NA | NA | ✔ |
Infoblox Medium Risk | NA | NA | ✔ |
Infoblox Low Risk | NA | NA | ✔ |
Infoblox Informational | NA | ✔ | ✔ |
...
Feed Name | RPZ Feed Name | Description |
---|---|---|
Infoblox Base | infoblox-base.rpz.infoblox.local | Infoblox Base feed enables protection against known malicious or compromised domains. This includes known Malware, Ransomware, APTs, exploit kits, malicious Name Servers, sinkholes etc. We recommend blocking them for all users. |
Infoblox Base IP | infoblox-base-ip.rpz.infoblox.local | Infoblox Base IP feed enables protection against known malicious or compromised IP addresses. These IPs are known infrastructure to host threats that can act on or control a system by way of C&C malware downloads and active phishing sites. We recommend blocking them for all users. |
Infoblox High Risk | infoblox-high-risk.rpz.infoblox.local | Infoblox High Risk feed includes domains that are not confirmed yet but are highly suspicious. They are very likely to be used in a malicious act at some point. These domains, though unconfirmed, carry high threat and high confidence, so we recommend blocking them for most users. It includes Suspicious domains, Suspicious Lookalikes and Suspicious NOED (Newly Observed Emergent Domains) with a high combined score of threat and confidence levels. |
Infoblox Medium Risk | infoblox-med-risk.rpz.infoblox.local | Infoblox Medium Risk feed includes domains that are not confirmed yet but still pose medium risk. They are suspicious domains with a lower combined score of threat and confidence levels than the High Risk feed but higher than the Low Risk feed. They could still likely be used in a malicious act, so we recommend blocking them for most users. It includes Suspicious domains, Suspicious Lookalikes and Suspicious NOED (Newly Observed Emergent Domains) with a medium combined score of threat and confidence levels. |
Infoblox Low Risk | infoblox-low-risk.rpz.infoblox.local | Infoblox Low Risk feed includes domains that are not confirmed yet but are still suspicious. It is possible they can be used in a malicious act. These domains carry a lower combined score of threat and confidence levels. It's recommended to monitor with the Allow-WithLog option for most users and have it in block mode for sensitive environments. It includes Suspicious domains, Suspicious Lookalikes and Suspicious NOED (Newly Observed Emergent Domains) with a lower combined score of threat and confidence levels. |
Infoblox Informational | infoblox-informational.rpz.infoblox.local | Infoblox Informational feed includes domains with low threat and confidence levels. These are for informational use per policy and sensitivity of the environment. This feed carries Newly Observed Emergent Domains (NOED). It's recommended to monitor with the Allow-WithLog option for most users and have it in block mode for sensitive environments (as new domains are not mission critical for the most part and are best enabled once they have been established for a longer time). |
...