...

  • query=domain.* AND device=52.123*
  • device=office1.domain OR device=office2.domain.com
  • dns_view=example-view AND query_type=A

(source='BloxOne Infoblox Endpoint' OR source="example 1") AND device=52.123*
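To make the filter syntax of the examples above concrete, here is an added example (not Infoblox's code) of a small evaluator for that syntax run over constructed Security Activity records. The page only shows examples, so the grammar is an assumption: field=value terms with quoted or bare values, `*` as the only wildcard, case-insensitive comparison, AND binding tighter than OR, and parentheses for grouping.

```python
import re
# Assumed grammar (the page shows only examples): field=value terms, values quoted or bare with
# '*' wildcards, joined by AND / OR (AND assumed to bind tighter), grouped by parentheses.
TOKEN_RE = re.compile(r'''\(|\)|\bAND\b|\bOR\b|(\w+)=("[^"]*"|'[^']*'|[^\s()]+)''')

def tokenize(expr):
    # Term tokens are ("TERM", field, value); '(' ')' 'AND' 'OR' are one-element tuples.
    return [("TERM", m.group(1), m.group(2).strip('"\'')) if m.group(1) else (m.group(0),)
            for m in TOKEN_RE.finditer(expr)]

def parse(tokens):
    # Recursive descent: expression = and_chain (OR and_chain)*; and_chain = atom (AND atom)*
    tokens, pos = tokens + [("END",)], 0
    def binary(op, sub):  # left-associative chain of `sub` joined by `op`
        nonlocal pos
        node = sub()
        while tokens[pos][0] == op:
            pos += 1
            node = (op, node, sub())
        return node
    def atom():
        nonlocal pos
        tok, pos = tokens[pos], pos + 1
        if tok[0] == "(":
            node = binary("OR", lambda: binary("AND", atom))
            if tokens[pos][0] != ")": raise ValueError("unbalanced parentheses")
            pos += 1
            return node
        if tok[0] != "TERM": raise ValueError(f"unexpected token {tok[0]!r}")
        return tok
    tree = binary("OR", lambda: binary("AND", atom))
    if tokens[pos][0] != "END": raise ValueError("unparsed trailing tokens")
    return tree

def matches(node, record):
    if node[0] == "TERM":  # '*' is the only wildcard; comparison is case-insensitive
        pattern = ".*".join(re.escape(part) for part in node[2].split("*"))
        return re.fullmatch(pattern, str(record.get(node[1], "")), re.I) is not None
    left, right = matches(node[1], record), matches(node[2], record)
    return (left and right) if node[0] == "AND" else (left or right)

def search(expr, records):
    tree = parse(tokenize(expr))  # returns the hit_ids of records satisfying the filter
    return [r["hit_id"] for r in records if matches(tree, r)]
# Constructed sample Security Activity records (not real data).
HITS = [
    {"hit_id": 1, "query": "domain.example", "device": "52.123.4.5", "dns_view": "example-view", "query_type": "A", "source": "example 1"},
    {"hit_id": 2, "query": "other.test", "device": "office1.domain", "dns_view": "default", "query_type": "TXT", "source": "on-prem"},
    {"hit_id": 3, "query": "domain.test", "device": "52.9.9.9", "dns_view": "example-view", "query_type": "A", "source": "example 1"},
]
```

Running the two precedence cases with and without parentheses shows why grouping matters: `(device=office1.domain OR device=52.123*) AND query_type=A` returns only hit 1, while the ungrouped form also returns hit 2.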

...

  • DETECTED: The date the indicator was first detected.
  • THREAT LEVEL: The threat level for the malicious hit. This can be High, Medium, Low, or Info.
  • QUERY: Displays the domain that sent the DNS query. Clicking the view on Dossier icon associated with a record allows you to view the Dossier threat look-up record of a threat class or property for the selected record. On the Dossier threat look-up page, you can view the Dossier report details for additional information on the selected record.
  • CLASS: The threat intelligence class, such as Phishing, MalwareC2DGA, and others.
  • PROPERTY: The property or nature of the threat. By default, the portal includes all threat properties.
  • POLICY: The security policy against which the malicious hit triggered.
  • ACTION: The configured action for the security rule. This can be Allow, Redirect, Block, or Log.
  • DEVICE NAME: The name of the device.
  • SOURCE: The location of the device within the network infrastructure. For example, the device can be an on-prem appliance or an endpoint device.
  • RESPONSE: The response taken by BloxOne Cloud by Infoblox Platform for the malicious hit.
  • DNS VIEW: The DNS version data being served.
  • FEED: The name of the threat feed against which the malicious hit triggered.
  • QUERY TYPE: The DNS query type.
  • MAC ADDRESS: The detected MAC address of the device.
  • DHCP FINGERPRINT: The unique identifier that was formed by the values in the DHCP option 55 or 60. This identifier is used to identify the requesting client or device.
  • USER: The user that triggered the hit. For remote offices, the portal displays Unknown for these users.
  • THREAT CONFIDENCE: A scoring system for malicious hits where confidence is rated High, Medium, or Low.
  • DEVICE IP: The IP address of the device responsible for the hit.
  • OS VERSION: The version of the device's operating system making the request.
  • INDICATOR: The policy source from which the indicator type is being reported. The indicator can originate from an application or category filter, from a custom list, or from a feed.
  • RESPONSE REGION: The region within a country where the response originated, based on information acquired from the public IP address of BloxOne of Infoblox Endpoint and DFP.
  • RESPONSE COUNTRY: The country where the response originated, based on information acquired from the public IP address of BloxOne of Infoblox Endpoint and DFP.
  • DEVICE REGION: The region within a country where the response originated.
  • DEVICE COUNTRY: The country where the device resides.

...