
NOTE: This page, with the new feeds shown in red font, is to be published on July 12, 2022. DO NOT publish this page before that date.

BloxOne Threat Defense Cloud provides predefined threat intelligence feeds based on your subscription. The BloxOne Threat Defense Business On-Premises and BloxOne Threat Defense Business Cloud subscriptions offer a few more feeds than the BloxOne Threat Defense Essentials subscription. The BloxOne Threat Defense Advanced subscription offers a few more feeds than the BloxOne Threat Defense Business On-Premises and BloxOne Threat Defense Business Cloud subscriptions. To view threat feeds and Threat Insight information associated with a security policy, see Viewing Feeds and Threat Insight Associated with a Security Policy.

...

The use and mining of cryptocurrency is not inherently benign or malicious, nor is it used exclusively by threat actors or by general users. However, over the last several years it has increasingly been used for illegal and/or fraudulent activities such as human trafficking, black market sales and purchases, and ransomware payments. Cryptocurrency mining can impair system performance and expose end users and businesses to information theft, hijacking, and a plethora of other malware. This feed features indicators of activity that may indicate malicious or unauthorized use of resources, including: coinhive, which site owners can embed into their web pages to mine cryptocurrency with the visitor's permission as an alternative to web banner advertising; cryptojacking, where malicious actors use in-browser mining without the victim's consent; and cryptocurrency mining pools working together to mine cryptocurrency.

...

Custom threat feed.

The Department of Homeland Security’s (DHS) Automated Indicator Sharing (AIS) program enables the exchange of cyber threat indicators between the Federal Government and the private sector. AIS is a part of the Department of Homeland Security’s effort to create an ecosystem where as soon as a company or federal agency observes an attempted compromise, the indicator is shared with AIS program partners, including Infoblox. Hostname Indicators contained in this feed are not validated by DHS as the emphasis is on velocity and volume. Infoblox does not modify or verify the indicators. However, indicators from the AIS program are classified and normalized by Infoblox to ease consumption. Data included in this AIS_IP feed includes AIS data subject to the U.S. Department of Homeland Security Automated Indicator Sharing Terms of Use available at https://www.us-cert.gov/ais and must be handled in accordance with the Terms of Use. Prior to further distributing the AIS data, you may be required to sign and submit the Terms of Use. Please email ncciccustomerservice@hq.dhs.gov for additional information.

...

Suspicious/malicious sources: IPs of known spam servers. Enables protection against computers or bot nodes that are part of a botnet and have been seen sending spam. The IPs listed also frequently carry a poor or negative reputation. It is recommended to run this feed in 'logging' mode before blocking, to see what would have been blocked. It can also be used to help block incoming spam or potentially malicious emails from known spam sources by feeding it into your email platform or appliance.

Suspicious_Domains

Suspicious destinations: Enables protection against hostnames that have not been directly linked to malicious behavior but behave in a manner that suggests malicious behavior may be imminent.

...

Tor exit nodes are the gateways where encrypted Tor traffic leaves the onion network and reaches the Internet. This means an exit node can be used to monitor Tor traffic after it leaves the onion network. The Tor network is designed so that locating the source of that traffic through the network is difficult.

US_OFAC_Sanctions_IP_Embargoed

You may choose to block this feed based on company policy. Contains IPs assigned to countries sanctioned by the United States, as listed by the US Treasury Office of Foreign Assets Control (OFAC). The Treasury Department's Office of Foreign Assets Control (OFAC) administers and enforces economic sanctions imposed by the United States against foreign countries. More information can be found on the "Sanctions Programs and Country Information" page here: https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx. This feed includes Geo IP data provided by MaxMind.

US_OFAC_Sanctions_IP_High

You may choose to block this feed based on company policy. Contains IPs assigned to high-risk countries sanctioned by the United States, as listed by the US Treasury Office of Foreign Assets Control (OFAC). The Treasury Department's Office of Foreign Assets Control (OFAC) administers and enforces economic sanctions imposed by the United States against foreign countries. More information can be found on the "Sanctions Programs and Country Information" page here: https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx. This feed includes Geo IP data provided by MaxMind.

US_OFAC_Sanctions_IP_Med

...
