BloxOne Threat Defense Cloud provides predefined threat intelligence feeds based on your subscription. The BloxOne Threat Defense Business On-Premises and BloxOne Threat Defense Business Cloud subscriptions offer a few more feeds than the BloxOne Threat Defense Essentials subscription, and the BloxOne Threat Defense Advanced subscription offers a few more feeds than the Business On-Premises and Business Cloud subscriptions. To view the threat feeds and Threat Insight information associated with a security policy, see Viewing Feeds and Threat Insight Associated with a Security Policy. For information on which feeds are included with each licensing and subscription level, see Licensing and Subscriptions.

...

EECN_IP
You may choose to block this feed based on company policy. Contains IPs assigned to China and to Eastern European countries that are not part of the European Union. These countries are often the source of cyber-attacks seeking intellectual property or other sensitive or classified data, or stealing credit card or financial information. Countries include Belarus, China, Moldova, Russian Federation, and Turkey. This feed includes Geo IP data provided by MaxMind.

ETIQRisk
Provides actionable domain reputation entries that are scored on threat-actor behavior observed in the wild and directly by Proofpoint’s ET Labs. Built on a proprietary process that leverages one of the world’s largest active malware exchanges, victim emulation at massive scale, original detection technology, and a global sensor network, Proofpoint ET Intelligence is updated in real time to give organizations the actionable intelligence needed to combat today’s emerging threats.

ETIQRisk_IP
Provides actionable IP reputation entries that are scored on threat-actor behavior observed in the wild and directly by Proofpoint’s ET Labs. Built on a proprietary process that leverages one of the world’s largest active malware exchanges, victim emulation at massive scale, original detection technology, and a global sensor network, Proofpoint ET Intelligence is updated in real time to give organizations the actionable intelligence needed to combat today’s emerging threats.

ExploitKit_IP
Enables protection against distributable packs containing malicious programs that are used to execute “drive-by download” attacks in order to infect users with malware. These exploit kits target vulnerabilities on users’ machines (usually unpatched versions of Java, Adobe Reader, Adobe Flash, Internet Explorer, …) to load malware onto the victim’s computer.

...

NCCIC_IP
Indicators contained in this feed appear on the watchlist from the National Cybersecurity & Communications Integration Center (NCCIC) and are not verified or validated by DHS or Infoblox. DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is a 24×7 cyber situational awareness, incident response, and management center that serves as the hub of information-sharing activities among public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations. Data included in this feed are subject to the U.S. Department of Homeland Security Automated Indicator Sharing Terms of Use available at https://www.us-cert.gov/ais and must be handled in accordance with the Terms of Use. Please email ncciccustomerservice@hq.dhs.gov for additional information. Hostname indicators contained in this feed have not been verified or validated and may contain false positives. While these indicators may be used to detect suspicious activity, Infoblox recommends caution because of the potential to cause a user or customer outage. Infoblox recommends running this feed in ‘logging’ mode before blocking, so you can see what would have been blocked.

New_Observed_Emergent_Domains
The New_Observed_Emergent_Domains feed consists of recently created and newly active domain names. These are not necessarily suspicious, but you may wish to log traffic going to these domains, as there is a low likelihood that they would be visited normally.

Public_DOH
The Public DOH feed provides a list of known public DNS services that tunnel their traffic over HTTP. Such traffic may come from a browser (such as Mozilla Firefox), from a piece of malware, or from a user attempting to bypass your organization's DNS policies. This feed also contains “canary” domains. When you protect your network at the DNS level, it is very important that you block communications to any third-party DNS server that your applications or devices may use. We recommend that all organizations enable this blocking rule.
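
Both the NCCIC_IP advice (run in logging mode before blocking) and the Public_DOH blocking rule come down to the same defender's step: check what a feed would block against your own DNS logs before you enforce it. The script below is an added example, not Infoblox code or the BloxOne feed format; the feed entries and DNS log lines are constructed, and feeds whose names end in `_IP` are assumed to hold IPs or CIDRs while all other feeds hold domains.

```python
"""Dry-run block feeds against DNS logs to see what a log-only policy would block."""
import ipaddress

# Constructed sample feeds (hypothetical entries, not real Infoblox feed data).
# Feeds whose names end in "_IP" hold IPs/CIDRs; all others hold domains.
FEEDS = {
    "NCCIC_IP": {"203.0.113.7", "198.51.100.0/24"},
    "Public_DOH": {"doh.example.net", "dns.example.org"},
    "New_Observed_Emergent_Domains": {"fresh-domain.example"},
}

# Constructed DNS log lines: "<client_ip> <qname> <answer_ip>" ("-" = no answer).
SAMPLE_LOG = """\
10.0.0.5 www.example.com 93.184.216.34
10.0.0.5 doh.example.net 198.51.100.9
10.0.0.8 api.doh.example.net 198.51.100.10
10.0.0.9 fresh-domain.example 203.0.113.7
10.0.0.5 mail.example.com 203.0.113.7
10.0.0.7 nxdomain.example -
"""

def domain_matches(qname, entries):
    """A feed domain matches the queried name or any of its parent domains."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))

def ip_matches(ip, entries):
    """A feed IP/CIDR entry matches the resolved answer address."""
    if ip == "-":
        return False
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)

def dry_run(log_text, feeds):
    """Return {feed: {"hits": count, "clients": set}} for would-be-blocked queries."""
    report = {name: {"hits": 0, "clients": set()} for name in feeds}
    for line in log_text.splitlines():
        client, qname, answer = line.split()
        for name, entries in feeds.items():
            if name.endswith("_IP"):
                hit = ip_matches(answer, entries)
            else:
                hit = domain_matches(qname, entries)
            if hit:
                report[name]["hits"] += 1
                report[name]["clients"].add(client)
    return report

if __name__ == "__main__":
    for name, r in dry_run(SAMPLE_LOG, FEEDS).items():
        print(f"{name}: {r['hits']} queries from {len(r['clients'])} clients")
```

A feed with many hits across many clients is the one to leave in logging mode longer and review before switching it to block.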

...