Threat Intel includes the latest analysis, alerts, advisories, and reports from the Infoblox Threat Intel team focusing on threat actors persisting in DNS. Infoblox automatically detects and tracks clusters of newly registered and deployed domains likely controlled by the same threat actor. Connections between these clusters assist in consistently monitoring a threat actor. We use our animal taxonomy to formally name actors when we can oversee their infrastructure and have conducted thorough research. The results include both automatically generated and specifically named actors identified within your network.

To view Threat Intel from within the Cloud Services Portal, do the following:

  1. Click Monitor > Research > Threat Intel.

  2. Select the type of threat intel to view. Choices include the following:

    • Threat Actors In Your Environment

    • All Infoblox Publications

    • Zero Day DNS

...

The Threat Actors In Your Environment tab displays a list of threat actors observed in your environment. Each reported threat actor includes detailed information about that specific threat actor.

With the release of the “Threat Actors In Your Environment” reports, the Threat Labs reports have been deprecated.

...


This page highlights the threat actors discovered in your network along with other details about the threat actor, including:

  • Description: A concise overview of the threat actor from Infoblox Threat Intel.

  • Total Domain Count: The total number of occurrences of the threat actor on domains identified by Infoblox Threat Intel.

  • Domains in Your Network: The occurrences of the threat actor on domains within your network, as identified by Infoblox Threat Intel. Click the link to view information about the threat domain on the Infoblox blog.

  • Domains Not in Your Network: The occurrences of the threat actor on domains not within your network as identified by Infoblox Threat Intel.

  • Active Threat Domains Discovered by Infoblox: This section highlights the threat actors discovered in your network. This section also displays how early Infoblox discovered a threat actor in your network. Additionally, this section provides the following information:

    • The name of the domain in your network and its associated threat.

    • A dropdown list of domains within your network associated with the threat. Click on a listed threat domain to view detection details on the Infoblox Threat Intel Blog.

    • A schematic diagram depicting the timeline of detection from initial detection to final outcome, showing:

      • When Infoblox first detected the threat domain (far left side of timeline).

      • Date when other vendors discovered the domain.

      • Duration during which Infoblox protected your network from this threat domain.

      • Last seen date for the threat domain based on DNS traffic records.


Infoblox Threat Intel Blog

...

The All Infoblox Publications tab displays a list of publications researched and produced by the Infoblox Threat Intel team on new threats, including campaigns, malware, threat actors, and exploitation of new vulnerabilities.

You can do the following on the page:  

  1. View a report’s title and publishing date. 

  2. View a brief description of a report: Click the down-pointing arrow icon located to the right of the report’s title.

  3. Search reports by keyword.

  4. Download and view the full report as a PDF: Click the download icon.

Reading through the reports will reveal details on threat behavior, indicators of compromise, and new attackers and their tools or infrastructure. Reports can be searched by keyword and exported. Click the downward-pointing arrow icon to view a detailed description of the report.

...

Zero Day DNS

Zero Day DNS employs a zero-trust approach to newly registered domains within your network. Its purpose is to identify recently registered spearphishing, DGA, and malware domains. Within the "Zero Day DNS" tab, you will find a comprehensive list of Zero Day DNS domains in your network along with the count of those flagged as "Suspicious" and/or "Malicious."

...

For information on how to configure Zero Day DNS, see Zero Day DNS Configuration.

...