You can configure Threat Insight on a cloud client to detect and block blocklisted domains; Threat Insight will detect DNS tunneling by analyzing incoming DNS queries and responses. With Threat Insight, you can also configure an allowlist of trusted domains for which NIOS will allow DNS traffic.

Threat Insight for a cloud destination accessed through the Data Connector is valid for local RPZ zones only. When you configure RPZs for a grid, you can also define rules to block DNS resolution for malicious domains or to redirect such cloud clients. Infoblox allows you to configure only one cloud client per grid, and you must first request an API key through the Infoblox Portal to authorize Threat Insight requests from the cloud client.

You must configure the Infoblox Data Connector to transport data from the grid to Infoblox Threat Defense Cloud Platform, and you can use this feature only when an RPZ license is installed on the grid. When you configure Threat Insight for a cloud destination, the Threat Insight domains that are added in the Infoblox Portal for a user are synchronized with the RPZ zone that you add to the list. This synchronization takes place according to the interval that you define.

If your grid is running NIOS version 8.2.0, you can configure the grid to retrieve blocklisted domains (which are detected by the Threat Insight feature) from the cloud destination and to block traffic by using RPZs. For more information about RPZs, refer to the Infoblox NIOS Administrator Guide.

To configure Threat Insight for a cloud destination, do the following:

  1. Log in to Grid Manager.
  2. In the Data Management tab, select the DNS tab > Response Policy Zones tab, and then click Threat Insight in the Cloud Client in the toolbar.
  3. In the Threat Insight in the Cloud Integration Client wizard, do the following:
    • Enable Cloud Client: Select this checkbox to enable Threat Insight in the cloud client.
    • Interval: Specify, in seconds or minutes, how often the results generated by Threat Insight are to be requested from the cloud client. The default is 10 minutes.
    • The list of Response Policy Zones to use for blocklisted domains: Click the Add icon to add an RPZ to the list. When there are multiple zones, Grid Manager displays the Zone Selector dialog box, from which you can select a zone. You can add an RPZ from different network and DNS views. Whenever a new RPZ is added and the cloud client requests data, Grid Manager displays a Warning dialog to confirm that you wish to request all Threat Insight–detected domains in the cloud client. Even if you have clicked No in the Warning dialog, you can use the CLI command set cloud_services_portal_force_refresh in maintenance mode and set the flag to request all domains detected in the cloud client.
  4. Click Save & Close.