Threat Intel includes the latest analysis, alerts, advisories, and reports from the Infoblox Threat Intel team focusing on threat actors persisting in DNS. Infoblox automatically detects and tracks clusters of newly registered and deployed domains likely controlled by the same threat actor. Connections between these clusters assist in consistently monitoring a threat actor. We use our animal taxonomy to formally name actors when we can oversee their infrastructure and have conducted thorough research. The results include both automatically generated and specifically named actors identified within your network.

To view Threat Intel from within the Cloud Services Portal, do the following:

  1. Click Monitor > Research > Threat Intel.

  2. Select the type of threat intel to view. Choices include the following:

    • Threat Actors In Your Environment

    • All Infoblox Publications

    • Zero Day DNS

...

The Threat Actors In Your Environment tab displays a list of threat actors observed in your environment. Each reported threat actor includes detailed information about that specific actor.

With the release of the “Threat Actors In Your Environment” reports, the Threat Labs reports have been deprecated.

...


This page highlights the threat actors discovered in your network along with other details about the threat actor, including:

  • Description: A concise overview of the threat actor from Infoblox Threat Intel.

  • Total Domain Count: The total number of occurrences of the threat actor on domains identified by Infoblox Threat Intel.

  • Domains in Your Network: The domains in your network where the threat actor has been identified. Click the link to view information about the threat domain on the Infoblox blog.

  • Domains Not in Your Network: The occurrences of the threat actor on domains not within your network as identified by Infoblox Threat Intel.

  • Active Threat Domains Discovered by Infoblox: This section highlights the threat actors discovered in your network and shows how early Infoblox discovered each threat actor. It also provides the following information:

    • The name of the domain in your network and its associated threat.

    • A dropdown list of domains within your network associated with the threat. Click on a listed threat domain to view detection details on the Infoblox Threat Intel Blog.

    • A schematic diagram depicting the timeline of detection from initial detection to final outcome, showing:

      • When Infoblox first detected the threat domain (far left side of timeline).

      • Date when other vendors discovered the domain.

      • Duration during which Infoblox protected your network from this threat domain.

      • Last seen date for the threat domain based on DNS traffic records.

Infoblox Threat Intel Blog

...

Reading through the reports will reveal details on threat behavior, indicators of compromise, and new attackers and their tools or infrastructure.

...

Zero Day DNS

Zero Day DNS employs a zero-trust approach to newly registered domains within your network. Its purpose is to identify recently registered spearphishing, DGA, and malware domains. Within the "Zero Day DNS" tab, you will find a comprehensive list of Zero Day DNS domains detected in your network along with the count of those flagged as "Suspicious" and/or "Malicious."

...

For information on how to configure Zero Day DNS, see Zero Day DNS Configuration.

...