BloxOne Threat Defense Cloud provides predefined threat intelligence feeds based on your subscription. The BloxOne Threat Defense Business On-Premises and BloxOne Threat Defense Business Cloud subscriptions offer a few more feeds than the BloxOne Threat Defense Essentials subscription. The BloxOne Threat Defense Advanced subscription offers a few more feeds than the BloxOne Threat Defense Business On-Premises and BloxOne Threat Defense Business Cloud subscriptions. To view threat feeds and Threat Insight information associated with a security policy, see Viewing Feeds and Threat Insight Associated with a Security Policy.

...

NCCIC_IP
Indicators contained in this feed appear on the watchlist from the National Cybersecurity & Communications Integration Center (NCCIC) and are not verified or validated by DHS or Infoblox. DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is a 24×7 cyber situational awareness, incident response, and management center that serves as the hub of information sharing activities among public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations. Data included in this feed are subject to the U.S. Department of Homeland Security Automated Indicator Sharing Terms of Use available at: https://www.us-cert.gov/ais and must be handled in accordance with the Terms of Use. Please email ncciccustomerservice@hq.dhs.gov for additional information. Hostname indicators contained in this feed have not been verified or validated and may contain false positives. While these indicators may be used to detect suspicious activity, Infoblox recommends caution due to the potential to cause a user or customer outage. Running in ‘logging’ mode prior to blocking is recommended, to see what would have been blocked.

New_Observed_Emergent_Domains
The New_Observed_Emergent_Domains feed consists of recently created and newly active domain names. These are not necessarily suspicious, but some may wish to log traffic going to these domains, as there is a low likelihood that these domains would be visited normally.

Public_DOH
The Public DOH feed provides a list of known public DNS services that tunnel their traffic over HTTP. This may be from a browser (such as Mozilla Firefox), a piece of malware, or a user attempting to bypass your organization's DNS policies. This feed contains “canary” domains. It is very important that, when you protect your network at the DNS level, you block communications to any third-party DNS server your applications or devices may use. We recommend all organizations enable this blocking rule.

...