The Dossier Summary report provides a comprehensive overview of threat indicator information, including DNS records, domain/subdomain count, URL count, and IP count.

  • The Summary report displays a representative screenshot of queried domains.
  • The Infoblox Intelligence section includes Web Category, TLD Score, and Nameserver Reputation.
  • The report also contains features like Categorizations and Lookalike Detection.
  • It provides links to generated summary detail reports resulting from conducting a Dossier search.
  • Sensitive content in categories such as Terrorism and Pornography is blurred.


Image: An example Dossier Summary report page. 

Summary Detail Reports: The links to the summary detail reports generated by a Dossier search are displayed here. Note that not every Dossier search generates all summary detail reports. Only the summary detail reports applicable to the Dossier search are returned; these are indicated by a light-blue hyperlink. Unavailable reports are indicated in light gray. The following detail reports are available (the quantity and types of available reports depend on the threat indicator being searched).

...

  • DNS Record Count: The number of DNS records associated with the queried threat indicator. 
  • Domain/Subdomain Count: The number of domains and/or subdomains associated with the queried threat indicator.
  • URL Count: The number of URLs associated with the queried threat indicator.
  • IP Count: The number of IP addresses associated with the queried threat indicator.

Infoblox Intelligence: The Infoblox Intelligence section of the report includes information acquired by Infoblox during the course of investigating the threat indicator. For additional information, click an individual information pane of the intelligence section to expand it. Similarly, click an expanded information pane to minimize it.

...

  • Web Category: The web category of which the indicator is a member.
  • Info: Information about the threat indicator. 
  • TLD Score: The risk score for the TLD calculated from the TLD's confidence, rarity, and popularity scores.  
  • Nameserver Reputation: Displays information on the domains associated with the nameserver, along with information on the nameserver's confidence, rarity, and popularity. The reputation of the nameserver is established based on the nameserver's confidence, rarity, and popularity scores. 
  • DNS Ranking: The DNS ranking as determined by Infoblox. Information on its query rank is also provided.
  • Threat Property: The threat property associated with the indicator. Information on its query rank is also provided.
  • Industry DNS Rank: A consensus rank determined by the aggregate of rankings provided by industry sources. Information on its query rank is also provided.

Dossier Search: Copy or paste your indicator search parameters into the search field, then click Search to initiate an indicator search. The Dossier search feature accommodates searches for domains, IP addresses, hostnames, URLs, email, or hash value.

Top Navigation Menu: Click on one of the icons to perform a task.

...

  1. On the Dossier Timeline report page, click  located at the top, right-hand side of the Action bar.
  2. On the Add to Custom List page, select the custom list or lists, from among the available custom lists, to which to add the domain or IP address by clicking the blue arrow associated with the custom list. If you cannot locate the custom list you want to add the domain or IP address to, you can use the search feature to search for the custom list. Alternatively, you can click to add the domain or IP address to all custom lists. If you inadvertently add the domain or IP address to a custom list, you can click the blue arrow associated with that custom list in the Selected column to remove the domain or IP address from it.
  3. Once you have added the domain or IP address to your custom list or lists, you can save your configuration by clicking Add.

  4. You should now see the name of the custom list or lists where the domain or IP address has been added populating the Custom Lists section of the Timeline report page.

For information on custom lists, see Creating Custom Lists.

Generate API Request

Click  to generate an API request. A pop-up window populated with the API information will be displayed.

...

When available, the top navigation bar also displays a clickable link where you can find additional information on the indicator.  

Dossier Search: Copy or paste your indicator search parameters into the search field, then click Search to initiate an indicator search. The Dossier search feature accommodates searches for domains, IP addresses, hostnames, URLs, email, or hash value.

Resources: 

Click Resources and select an option from the drop-down menu to view a Dossier resource.

...