NIOS RPZ feed recommendations to use after the feed revamp release in December 2024.

...

  • Remove all to-be-deprecated feeds from NIOS RPZ prior to their EOS date in December 2024. Replace the deprecated feeds with the recommendations as provided by Infoblox. When the to-be-deprecated feeds reach EOS, NIOS will no longer be able to sync them from the Cloud Services Portal, leading to an error state.

  • When replacing feeds with the recommendations below, consider the policy settings (e.g., logging vs. blocking) of the currently used feeds and replicate them for the replacements.

RPZ Feeds Scheduled for Deprecation in December 2024

The following feeds are approaching end of service and are being deprecated. Infoblox offers a set of new RPZ feeds designed to replace them.

Deprecated RPZ Feeds

| Deprecated RPZ Feed Name | Description |
|---|---|
| Base Hostnames (base.rpz.infoblox.local) | Enables protection against known hostnames that are dangerous as destinations, such as APT, Bot, Compromised Host/Domains, Exploit Kits, Malicious Name Servers, and Sinkholes. |
| AntiMalware (antimalware.rpz.infoblox.local) | Enables protection against known malicious hostname threats that can take action on or control of your system, such as Malware Command & Control, Malware Download, and active Phishing sites. |
| Ransomware (ransomware.rpz.infoblox.local) | Enables protection against ransomware taking over your system. Ransomware will encrypt files on your system and require you to pay in order to get them decrypted. This feed prevents ransomware from contacting the servers it needs to encrypt your files. |
| Malware DGA Hostnames (malware-dga.rpz.infoblox.local) | Domain generation algorithms (DGAs) are algorithms seen in various families of malware that are used to periodically generate a large number of domain names that can be used as rendezvous points with their command and control servers. Examples include Ramnit, Conficker, and Banjori. |
| Antimalware IP (antimalware-ip.rpz.infoblox.local) | Enables protection against known malicious or compromised IP addresses. These are known to host threats that can take action on or control of your system, such as Malware Command & Control, Malware Download, and active Phishing sites. |
| Suspicious (sanctions-med.rpz.infoblox.local) | The Suspicious Domains feed enables protection against hostnames that have not been directly linked to malicious behavior but behave in a manner that suggests malicious behavior may be imminent. |
| Suspicious Lookalike (suspicious-lookalikes.rpz.infoblox.local) | The Suspicious Lookalikes feed includes domains that appear to impersonate other trusted domains, but have demonstrated enough abnormal behavior to warrant concern. |
| Suspicious NOED (suspicious-noed.rpz.infoblox.local) | The Suspicious Emergent Domains feed includes high-risk, new domains. These domains have only recently become active, and share one or more characteristics with other known malicious domains to warrant concern. |
| Newly Observed Emergent Domains (noed.rpz.infoblox.local) | The NOED feed includes recently created and newly active domain names. These are not necessarily suspicious, but some organizations may wish to log traffic going to these domains, as there is a low likelihood that these domains would be visited normally. |

...

Feed Availability

Feed Name

Essentials

Business On-Prem

Advanced

Infoblox Base

Infoblox Base IP

NA

Infoblox High Risk

NA

NA

Infoblox Medium Risk

NA

NA

Infoblox Low Risk

NA

NA

Infoblox Informational

NA

For information on adding the new feeds to your appliance and on sizing requirements, see Sizing Guidelines for Trinzic Appliances.

...