...

The Threat Insight table displays the following information by specific criteria. Select the applicable objects from the following column drop-down menus:

  • ACTIONS: The configured action for the security rule. This can be Allow, Redirect, Block, or Log.
  • DETECTIONS: The number of detections associated with the report. Clicking on a record's number of detections will display a table of the detections associated with the target domain. The information displayed for the target domain includes the following:
  • DETECTED: The timestamp associated with the detection.

  • THREAT LEVEL: The target domain's threat level rating. This can be High, Medium, Low, or Info.
  • QUERY: The DNS query type. Clicking the circular icon associated with a record allows you to view the Dossier threat look-up record of a threat class or property for the selected record. On the Dossier threat look-up page, you can view the Dossier report details for additional information on the selected record.

  • CLASS: The threat class associated with the target domain.

  • POLICY: The security policy against which the malicious hit triggered.

  • DEVICE IP: The IP address of the device responsible for the hit. If you are using BloxOne Endpoint for the Infoblox Grid, BloxOne Cloud can identify the hostname of the Grid Master and displays it in this filter. If the NIOS appliance is not running a supported NIOS version or if this device is a remote site, BloxOne Cloud captures the IP address (instead of the hostname) of the appliance in this field.

  • SOURCE: The location of the device within the network infrastructure.

  • QUERY TYPE: The DNS query type.

  • USER: The user that triggered the hit. For remote offices.

  • CONFIDENCE: The confidence level for the malicious hit. A High confidence level means that the hit was likely to be real.
  • DETECTIONS: The number of detections associated with the report. Clicking on a record's number of detections will display a table of the detections with detailed information associated with the target domain.
  • TARGET DOMAIN: The domain the threat is targeting. Displays the domain that sent the DNS query. Clicking the view on Dossier icon associated with a record allows you to view the Dossier threat look-up record of a threat class or property for the selected record. On the Dossier threat look-up page, you can view the Dossier report details for additional information on the selected record.
  • THREAT LEVEL: The threat level for the malicious hit. This can be High, Medium, Low, or Info.
  • THREAT CLASSES: The threat intelligence class, such as Phishing, MalwareC2DGA, and others.
  • THREAT FAMILY: Threat family is a grouping of malicious threats. For information, see Threat Family Classes.
  • THREAT LEVEL: The target domain's threat level rating. This can be High, Medium, Low, or Info.
Note

You can enable and disable custom fields by clicking on the icon located in the top, right-hand corner of the table, and selecting or deselecting which custom fields you want to view. All fields can be selected or deselected, or they can be returned to the default configuration by clicking Restore to default GRID setting.

...